maintain-plugins
Warn
Audited by Snyk on Mar 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from a public vendor repository (see plugin_bootstrap.py default repo URL https://github.com/richfrem/agent-plugins-skills.git and sync_with_inventory.py reading .vendor/.../vendor-plugins-inventory.json and vendor plugin files), and downstream scripts (bridge_installer.py, install_* functions, and append_monolithic_rules) parse markdown/frontmatter and inject that content into generated prompts/rules and agent artifacts — meaning untrusted third-party files can materially influence agent prompts and actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill (plugin_bootstrap.py and SKILL.md) performs runtime git clone/pull of https://github.com/richfrem/agent-plugins-skills.git which fetches remote plugin content that is then processed/installed by sync/bridge_installer scripts into agent prompts/rules (i.e., remote content directly controls prompts and is executed/installed at runtime).
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata