app-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's examples (e.g., examples/dynamic-routes.md) show pages fetching and rendering external API data such as fetch(https://api.example.com/posts/${slug}) and then reading post.content/post.title into the page and metadata, which demonstrates ingesting untrusted/public third‑party content as part of the app's runtime behavior.