dupe

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill sends user-provided product or image URLs to dupe.com and directly reads and returns the API's "matches" (titles, links, thumbnails and metadata aggregated from public retailer websites such as Wayfair, AllModern, Birch Lane), so it ingests and displays untrusted public web content that could carry indirect prompt-injection.