data-client-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md includes concrete examples fetching and subscribing to public endpoints (e.g., "GET https://jsonplaceholder.typicode.com/todos/5" and useLive/useSubscription) and shows using fetched responses to drive behavior (e.g., ctrl.fetch then navigateToPost(post.id)), so untrusted third‑party content can be ingested and materially influence actions.