senior-frontend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes explicit examples that fetch and render external, arbitrary content—e.g., the DataFetcher component that does fetch(url), the SafeHTML component that renders sanitized HTML, and example Script tags loading analytics/chat widgets from external URLs—so it clearly demonstrates reading/including untrusted third‑party content that could carry indirect prompt injections.