etsy-listing-generator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The renderer accepts HTTP image URLs via the batch JSON fields ("file"/"image"/"url") and inserts user-provided title/subtitle/badge text into the HTML templates (which are rendered by Playwright and also load external Google Fonts), so it will fetch and render arbitrary external/user-supplied content from the open web.