textual

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill includes examples that fetch and display arbitrary public web content — notably the "Async Data Fetching" WeatherApp where on_input_submitted -> fetch_weather uses httpx to GET https://wttr.in/{city}?format=3 with a user-supplied city, and a generic fetch_data worker that performs client.get(url) and updates the UI with response.text — thereby exposing the agent to untrusted third‑party content.