claude-plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly supports installing and loading external plugins from public GitHub/Git URLs (see "Plugin Sources" and commands like "/plugin marketplace add owner/repo" and "/plugin install"), meaning the agent will fetch and read untrusted third-party repository content (manifests, commands, hooks) as part of its workflow and could be exposed to indirect prompt injection.