web-frameworks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and referenced docs explicitly show runtime fetches and third-party resource loads (e.g., fetch('https://api.example.com/posts') in references/nextjs-data-fetching.md and external Script src examples like https://www.googletagmanager.com/gtag/js in references/nextjs-optimization.md), so the skill's workflow consumes and renders untrusted/public web content which could materially influence behavior.