developing-claude-code-plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly supports installing plugins and marketplaces from public GitHub repositories and arbitrary marketplace URLs (see "Option A: Direct GitHub distribution" and marketplace "source":"url" -> "https://github.com/..."), and the patterns state that SKILL.md and reference files from those plugins are loaded into the agent's context, so untrusted third‑party content could be ingested and used at runtime.