intlayer-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation and examples explicitly show fetching external URLs and remote dictionaries (e.g., references/concept_content.md and examples like externalContent: fetch("https://example.com").then(res => res.json()), plus "location: 'remote'" and importMode 'fetch'), so it ingests untrusted public third‑party content as part of its content-generation workflow.