intlayer-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation and examples explicitly show fetching public URLs into dictionary content (for example "externalContent: fetch("https://example.com\").then((res) => res.json())" in references/concept_content.md / SKILL.md) and describes function-fetching and auto-fill behaviors where that remote, potentially user-controlled content is consumed and used by the AI/content system, so untrusted third-party content can influence runtime decisions and rendering.