heroui-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to "Always fetch component docs" and includes scripts (scripts/get_component_docs.mjs, scripts/get_docs.mjs, scripts/get_source.mjs, etc.) that fetch MDX/docs from public URLs (https://v3.heroui.com, https://mcp-api.heroui.com and raw GitHub URLs), so the agent will read and act on open, third‑party web content that can materially influence implementation and actions.