unity-data-driven

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "JSON Data Pipeline" decision and its scaffolds (e.g., the WaveLoader that loads waves.json and the note about "remote URL at runtime" plus references/data-pipeline-patterns.md's StreamingAssetsLoader and mentions of web APIs/modding) explicitly describe loading untrusted/user-provided JSON/CSV from external sources that the game/agent uses to drive behavior, so third-party content can influence runtime decisions.