gtm-javascript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's GTM Custom HTML examples and utilities explicitly read and push page DOM and user-provided content (e.g., document.querySelector/waitForElement, element.innerText/href in trackClick, video titles, MutationObserver hooks and dataLayer pushes), which ingests arbitrary public or user-generated page content at runtime and could enable indirect prompt injection.