moai-foundation-claude

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs adding and browsing remote plugin marketplaces and installing plugins from third‑party sources (e.g., reference/claude-code-discover-plugins-official.md and the CLI plugin install/marketplace add commands in SKILL.md), and also documents browser (--chrome) and WebFetch capabilities—flows that load untrusted, user‑generated content which the agent is expected to read and that can change tools/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and install remote plugin/marketplace manifests (e.g., "claude plugin install https://github.com/owner/repo.git" and "/plugin marketplace add https://gitlab.com/company/plugins.git" or "https://example.com/marketplace.json"), which will download remote code/manifests that can contain agent prompts, hook definitions, or executable hooks—allowing external content to directly control prompts or cause code execution at runtime.