skill-creator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to perform web research using "WebFetch + Explore" subagents (references/skill-creation-workflow.md Step 2) and supports installing/reading plugin marketplaces and plugins from arbitrary GitHub/git/URL sources (references/plugin-marketplace-sources.md and distribution guides), which means the agent will fetch and load untrusted public third‑party content into its workflow and could be exposed to indirect prompt injection.