web-meta-framework-astro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation and examples (SKILL.md and examples/content.md) explicitly show fetching and ingesting external public APIs (e.g., the "Custom Loaders" example with fetch("https://api.example.com/products"), the SSR example in src/pages/user/[id].astro that fetches https://api.example.com/users/${id}, and defineLiveCollection/myStoreLoader for live collections), and those external entries are read and rendered via getCollection/getLiveCollection/render or used to drive routing/redirects, so untrusted third‑party content can influence runtime behavior.