create-claude-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The guide instructs adding and installing plugins from public git/URL marketplaces (e.g., "/plugin marketplace add https://github.com/username/plugin-name", git clone examples, and marketplace.json sources) and describes loading SKILL.md, agent, and command files from those repos, which are untrusted user-provided third-party contents the agent would read and interpret.