moai-foundation-cc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs explicitly describe adding and installing plugins/marketplaces from external GitHub or remote URLs (see reference/claude-code-discover-plugins-official.md with "/plugin marketplace add owner/repo" and "plugin install https://github.com/owner/repo.git"), enabling the agent to fetch and load arbitrary third‑party content (and browser/WebFetch usage in headless/CLI docs) which can materially change tool behavior and thus enable indirect prompt injection.