aframe-webxr

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required docs and examples explicitly load and consume third-party web content. For example, SKILL.md and the examples include external CDN imports (https://aframe.io/releases/1.7.1/..., cdn.jsdelivr.net), remote src URLs (example.com/texture.jpg, gltf sources), and a networked-aframe "networked-scene" (multi-user data), so untrusted/public content is fetched at runtime and can influence scene behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 05:30 PM