web-components-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill includes multiple components that directly fetch and consume data from arbitrary URLs specified via attributes—e.g., DataDisplay.loadData, DataTable.loadData, InfiniteList.loadPage, and the AsyncButton example use fetch() on data-url/next-url attributes—so it clearly ingests untrusted third‑party content provided at runtime.