ai-elements

Warn

Audited by Snyk on Feb 15, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill renders and processes arbitrary user/third-party content at runtime — e.g., MessageResponse (renders message.content via Streamdown), PromptInput (accepts pasted/drag-and-dropped files, globalDrop and uploads producing FileUIPart URLs), and ToolOutput (renders tool results/React elements) — so untrusted/user-generated content will be displayed and interpreted by the agent.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 15, 2026, 08:20 PM