create-cowork-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and examples explicitly require configuring MCP servers and remote endpoints (e.g., .mcp.json entries like "https://api.githubcopilot.com/mcp/" and "https://mcp.asana.com/sse") and includes agents/commands that read and act on ticket/third-party data (ticket-analyzer, commands that "Check ~~project tracker for open tickets" and use Read/Grep/HTTP), so the agent is expected to ingest untrusted, user-generated third-party content that can materially influence its actions.