service-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's service-worker examples and reference handlers (e.g., the fetch handlers in SKILL.md and references/caching-strategies.md that call fetch(event.request) and network-first/stale-while-revalidate flows, and the push handler in references/push-and-sync.md that parses event.data?.json() and uses notification.data.url to openWindow) show the worker ingesting and acting on arbitrary network responses and push payloads from third-party/untrusted origins, which could materially influence behavior like caching, responses, or opening pages.