lcsc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly queries the public jlcsearch API (https://jlcsearch.tscircuit.com) and downloads/parses datasheets from LCSC's public CDN (wmsc.lcsc.com) as part of its required workflow (see SKILL.md and scripts/fetch_datasheet_lcsc.py and scripts/sync_datasheets_lcsc.py), so untrusted third‑party content is fetched and interpreted and can influence downloads and subsequent tool actions.