built-in-ai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The package includes scripts/fetch-idls.js which explicitly fetches IDLs from public URLs (e.g., https://raw.githubusercontent.com/webmachinelearning/… ) and the README / SKILL.md workflow instructs maintainers to run "npm run update-idls" so the agent-consumed SKILL.md is updated with that third‑party content (which the agent is told to treat as the source-of-truth), allowing external, untrusted changes to materially influence agent behavior.