lcsc

Warn

Audited by Snyk on Apr 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required scripts (scripts/fetch_datasheet_lcsc.py and scripts/sync_datasheets_lcsc.py) call the public jlcsearch community API (https://jlcsearch.tscircuit.com) and LCSC endpoints/CDN (https://wmsc.lcsc.com and https://www.lcsc.com), and download and parse third-party datasheet PDFs and product pages. The extracted text and metadata are then used to verify parts, choose filenames, and drive fallback/download decisions, so untrusted external content is fetched and directly read and interpreted as part of the core workflow.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 17, 2026, 11:22 AM
  • Issues: 1