plugin-forge

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's marketplace schema and workflows (references/marketplace-schema.md and workflows.md) explicitly allow plugin sources from GitHub or arbitrary URLs (e.g., "source": {"source":"github","repo":"owner/repo"} and generic "url" sources) and describe adding/installing marketplaces and plugins (/plugin marketplace add owner/repo, /plugin install ...), and the agent is expected to load and interpret plugin files (commands/, skills/, SKILL.md), so it would fetch and execute untrusted third‑party content.