hooks-management
Warn
Audited by Snyk on May 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly supports executing third-party plugins and fetching external packages: references/opencode-hooks.md and SKILL.md describe loading npm plugins via opencode's bun install and npm packages listed in opencode.json. It also supports http handler hooks that POST to arbitrary URLs and use the responses (SKILL.md / WorktreeCreate examples). As a result, untrusted web/npm content is ingested at runtime and can influence tool decisions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).