hyva-ui-component

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md Step 4 and Step 5.5) explicitly reads and parses {hyva_ui_path}/components/{component}/{variant}/README.md and then automatically applies configuration (merging view.xml, copying/merging files) and installs dependencies based on that README content, so untrusted third‑party component README files can directly influence tool actions.