manage-marketplace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly instructs Claude Code to fetch and ingest marketplace catalogs and plugin artifacts from public third-party sources (see "Step 4: Publishing to GitHub" and the "Source Types" section listing github, npm, and url, and the /plugin marketplace add owner/repo workflow), meaning untrusted GitHub/npm/URL-hosted content and SKILL.md files are read and used to install/activate plugins that can materially affect agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). This skill explicitly fetches marketplace catalogs and plugin code at runtime from external git URLs (e.g., https://github.com/owner/repo and https://gitlab.com/owner/repo.git), and those fetched manifests/plugins can supply skill instructions or executable components that directly alter agent behavior or run code.