moai-foundation-claude

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly allows installing plugins from arbitrary GitHub repositories ("Use /plugin install owner/repo to install from GitHub"), which means the agent can fetch and load untrusted, user-provided third‑party content (plugins/agents/skills) as part of its workflow.