nextjs-developer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation includes multiple examples that fetch and render external API content (e.g., fetch('https://api.example.com/posts') in references/data-fetching.md and render unsanitized HTML via dangerouslySetInnerHTML with post.content in references/server-components.md), which demonstrates ingesting untrusted/ user-generated third-party content as part of its workflow.