slidev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports embedding and fetching arbitrary public third‑party content (e.g., iframe layouts with url: in references/core-frontmatter.md and core-layouts.md, Tweet/Youtube components in references/core-components.md, and automatic bundling/caching of remote images in references/build-remote-assets.md), so the agent’s Slidev workflow will ingest and render untrusted, user-generated web content that could carry indirect prompt injection.