creating-plugins
Warn
Audited by Snyk on May 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly documents and requires plugin network access and URL ingestion — e.g., ctx.http.fetch calls in src/sandbox-entry.ts and the "External API Proxy" example in references/api-routes.md, plus Portable Text "Link Preview" blocks and Block Kit admin forms that accept arbitrary URLs — so plugins can fetch and interpret untrusted, user-provided third‑party content that may influence behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).