slides-revealjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports loading arbitrary external webpages (e.g., data-background-iframe in references/backgrounds.md and data-preview-link / iframe lightbox in references/lightbox.md) and documents exposing/using window.postMessage for API/event exchange (references/config.md), so untrusted third‑party pages can be fetched and can send messages that materially affect the presentation behavior.