react-expert

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes code that fetches and ingests external URLs (e.g., the useApi(url) example in references/hooks-patterns.md and fetch calls in references/server-components.md like fetch('https://api.example.com/...')), which clearly reads third‑party/public API responses (untrusted content) that components are expected to use and interpret at runtime.