cc-plugin-researcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to search and analyze public GitHub repositories (e.g., "gh search repo 'mcp'" and searching GitHub/awesome-claude-code), which are untrusted, user-generated third-party sources the agent will read and act on to generate reports and push changes, creating a clear avenue for indirect prompt injection.