emdash-cms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted public content via the WordPress importer (see "WordPress Migration" with npx emdash import:wordpress --url ...) and exposes plugin capabilities like http:fetch and Portable Text rendering/MCP server that cause the agent to read and act on user-generated third‑party content, so such content could materially influence agent behavior.