salesforce-web-app-feature

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to load and "follow its instructions" from README.md/AGENT.md inside installed npm packages (node_modules//README.md or AGENT.md) and to copy files from node_modules//dist, which are untrusted third‑party package contents that the agent must read and act on.