plugin-marketplace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly supports external plugin sources pointing to public GitHub repos and git URLs (see "Plugin Source Formats" and examples like source: { "source": "github", "repo": "owner/repo" }) and instructs installing/testing (e.g., "claude-code install ./"), which implies fetching and loading third-party, user-controlled plugin code that the agent would read/interpret and could materially influence behavior.