web-frameworks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's example code explicitly fetches and renders remote data and assets (for example references/nextjs-data-fetching.md and app/posts/[slug]/page.tsx call fetch('https://api.example.com/posts') and render post.content, and the docs show loading third‑party scripts/CDN assets like https://cdn.jsdelivr.net/... and Google/Facebook SDKs), so it clearly ingests/displaying untrusted third‑party content at runtime.