supabase-nextjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill fetches and displays user-generated, untrusted content from a third‑party Supabase backend (e.g., src/db/queries/posts.ts getPublishedPosts/getPostById, the RealtimePosts subscription in the client component, and avatar storage/getAvatarUrl), so arbitrary external data is ingested and rendered at runtime.