2d-or-3d-force-graph-with-lit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The component explicitly fetches and ingests JSON from arbitrary remote locations in refresh() (script tag src and the src attribute, e.g., fetch(url) / fetch(this.src)) and also accepts dropped files, and it parses that untrusted/user-provided JSON and renders/interprets node fields (e.g., node.name) as part of its UI, exposing the agent to indirect prompt-injection from public/user content.