ai-elements

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly renders and acts on arbitrary public URLs: SKILL.md and references/integration.md show the chat flow mapping 'source-url' message parts to Source components and the API example uses toUIMessageStreamResponse({ sendSources: true }), and the package also includes a WebPreview iframe and external ModelSelector logos (fetched from https://models.dev), so the agent will display/consume untrusted third‑party webpages/URLs that could carry instructions influencing subsequent actions.