plugin-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Adding New Plugins to the Catalog" workflow explicitly requires the agent to gather and read plugin information from public sources (npm registry, GitHub, web searches, READMEs, issues) and the plugin reference files include download/install instructions (e.g., GitHub Releases), so untrusted third‑party content is ingested and can materially influence installation/configuration actions.