implementing-drag-drop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's "Paste from Clipboard" implementation (references/file-dropzone.md) parses pasted HTML and calls fetch(img.src) to retrieve images from arbitrary/public URLs provided by the user, meaning the agent will ingest and process untrusted third-party content as part of its workflow.