claude-code-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly installs and updates plugins from public sources (e.g., /plugin install github:owner/repo, marketplace add owner/repo, and curl to raw.githubusercontent.com to fetch .claude-plugin/plugin.json and marketplace.json), which causes the agent to fetch and interpret untrusted, user-provided content from the open web (GitHub/marketplaces).