juicebox-upgrade-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The implementation guide explicitly instructs fetching and reviewing public release notes via the GitHub API (curl https://api.github.com/repos/juicebox-ai/sdk-js/releases/latest) and links to public migration docs (github.com and juicebox.ai), so the agent is expected to ingest untrusted, user-authored third-party content that can materially influence migration decisions and actions.