base-ui-overview-quickstart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md (see "Release Snapshot" / "Drift checks" and "Canonical references") explicitly directs the agent to confirm and compare public pages such as https://base-ui.com/react/overview/releases, https://base-ui.com/llms.txt and the GitHub changelog, meaning the agent is expected to read external, public third‑party content that could contain untrusted or user‑contributed instructions.