maintain-plugins
Warn
Audited by Snyk on Apr 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests third-party repository content: plugin_bootstrap.py clones https://github.com/richfrem/agent-plugins-skills.git into .vendor/, and sync_with_inventory.py reads vendor-plugins-inventory.json and vendor plugin SKILL.md/frontmatter. These remote, public files are parsed and used to drive install and cleanup decisions (deletions), so untrusted content can materially influence agent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's bootstrap/sync logic can clone and pull the remote Git repository https://github.com/richfrem/agent-plugins-skills.git at runtime (see plugin_bootstrap.py / Escalation Taxonomy). This fetches remote SKILL.md and executable scripts that can directly control agent prompts or be executed locally, creating a clear runtime supply-chain risk.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).