nuxthub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime examples that fetch and ingest untrusted third-party content—e.g., the getStars function that uses $fetch(https://api.github.com/repos/${repo}) (arbitrary public repo data) and blob APIs (blob.get, blob.handleUpload) which read user-uploaded/public files—so the agent may read/interpret external user-generated or public-web content.