base-ui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required "Use Pattern" step 5 explicitly tells the agent to "Use references/links.md for issues and release notes before shipping," and references/components.md and references/links.md contain public URLs (including GitHub issues/releases) that are user-generated or public web content the agent is expected to consult, so third-party content could materially influence decisions.