data-client-react

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly demonstrates and instructs using hooks (useSuspense/useFetch/useLive/useController) to fetch external public APIs — e.g., GET https://jsonplaceholder.typicode.com/todos/... and IssueList owner="facebook" repo="react" — so the agent ingests untrusted third‑party content that can influence subsequent actions.