plugin-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documentation explicitly shows loading plugins/skills from public URLs (e.g., "claude plugin add https://github.com/v1truv1us/ai-eng-system"), describes opencode-skills auto-discovery/loading of skill content into sessions, and includes examples of OpenCode tools calling arbitrary external APIs via fetch, meaning the agent can ingest and execute untrusted, user-provided web content (GitHub/repos and external API endpoints) that could enable indirect prompt injection.