cordova-plugin-migrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). At runtime, this skill reads the Cordova plugin’s local source tree (e.g., plugin.xml, www/*.js, src/ios/*, src/android/*, and hook scripts) and then embeds extracted free-form text (method signatures, hook purposes, warnings/notes) into the YAML passed to the downstream capacitor-plugin-generator LLM context; that Cordova source is outsider-authored relative to the operating user.