audit-agents

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly discovers and ingests agent sources from marketplace repos, single-plugin repos and global plugin directories (e.g., ~/.claude/plugins/) and then reads YAML/frontmatter, descriptions, and tool configurations as part of its audit workflow, which exposes it to untrusted third-party agent content that can influence auditing decisions and spawned subagents.