bknd-client-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples configure a user-specified backend host (e.g., host: "https://api.example.com", NEXT_PUBLIC_BKND_URL/VITE_BKND_URL) and call api.data.readMany in components like PostList/TodoList to fetch and render backend-provided posts/todos, which can be arbitrary/untrusted user-generated content that the agent will read and interpret.