mermaidjs-v11

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill shows loading and rendering of external, public resources (e.g., CDN scripts from https://cdn.jsdelivr.net/, dynamic icon pack imports from https://esm.run/@iconify-json/logos, and use of the mermaid.ink rendering service) and also renders user-supplied diagram text, which means it ingests and interprets untrusted third-party content at runtime.