interactive-deck-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly supports baking live data from arbitrary external sources (see SKILL.md "Capture real data first" workflow and references/data-sources.md which includes both build-time and runtime examples such as fetch("https://api.example.com/stats") and browser runtime fetch of CSV/JSON), and the framework wires that data into scene logic and UI (presentation.js / scenes.js), so untrusted third‑party content can be ingested and materially influence agent-driven behavior.