spacetimedb-typescript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Procedures (Beta)" section explicitly shows a server-side procedure using ctx.http.fetch(url) to fetch arbitrary external URLs and insert/return response.text(), meaning the skill can ingest untrusted third-party web content (and earlier docs show subscribed/event table data and onInsert handlers that would let that content influence runtime behavior).