tanstack-db

Warn

Audited by Snyk on Feb 21, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's runtime sync examples clearly ingest and act on external, potentially user-generated data — e.g., references/Creating a Collection Options Creator.md shows initialSync() calling fetchInitialData(), the WebSocket collection example opens a WebSocket to config.url and JSON-parses incoming messages, and references/Electric Collection.md uses shapeOptions.url and awaitMatch to inspect Electric stream messages — all of which read untrusted third-party content and use it to drive commits, waits, and other actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 05:28 AM