update

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly runs git pull on the marketplace clone (MARKETPLACE_DIR="$HOME/.claude/plugins/marketplaces/motion-creative") and rsyncs the repo's Plugin/ directory into the local cache, thereby ingesting untrusted third-party GitHub repo content that can change plugin behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs git pull against the marketplace clone's origin remote (the GitHub repository URL configured in $MARKETPLACE_DIR — e.g. git@github.com:org/motion-creative.git or https://github.com/org/motion-creative.git), then rsyncs the fetched Plugin/ files (skills/prompts and MCP server) into the local cache, so remote content fetched at runtime can directly change agent prompts and execute code.