plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests public third‑party content — e.g., /plugins add --from https://github.com/... and the Agent-skill workflow (Step 2: validate and parse SKILL.md, plus running setup-external.sh / git clone) and /plugins sync reading known_marketplaces.json/installed_plugins.json — and then uses that parsed data to update manifests and run bootstrap/setup actions, so untrusted repo/marketplace content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill supports adding agent-skills from git URLs (e.g., https://github.com/nextlevelbuilder/ui-ux-pro-max-skill) which are git-cloned at runtime (setup-external.sh / /plugins add) and the fetched repository SKILL.md dictates agent prompts/behavior, so remote content directly controls prompts and is a required runtime dependency.