thatopen-core-web-ifc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Quick Start (SKILL.md: "const data = new Uint8Array(buffer); // from fetch or fs.readFile") and example workflows (references/examples.md's loadIfc(url) which uses fetch(url)) explicitly load IFC files from arbitrary URLs, so the agent ingests and parses untrusted third-party model files (including names/properties) that can materially influence processing and actions.