plugin-structure

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly describes auto-loading plugin components and project files from external sources (e.g., installing plugins from npm/pip/git/marketplace URLs, GitHub/GitLab repos, and automatically loading project CLAUDE.md, plugin skills/commands/outputStyles), meaning the agent will ingest arbitrary third-party/user-provided files as runtime context.