grapesjs-studio-sdk

Warn

Audited by Snyk on Mar 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill explicitly shows runtime ingestion of public third-party content: for example, the Asset Providers in rules/configuration/assets/asset-providers.md fetch from external APIs like https://picsum.photos, and the component example fetches from https://dummyjson.com/products. The skill then reads and renders that data into the editor UI/workflow, which meets the criteria for untrusted user-generated content that can influence actions and tool behavior.


Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 20, 2026, 01:38 PM
Issues: 1