NYC

building-a-html-element-sandbox-with-lit

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's sandbox accepts template content that can include external scripts/styles, and the README/example explicitly imports a remote module from https://www.unpkg.com/@material/... (and notes that a script can be added to load extra content). The component can therefore fetch and render arbitrary public third‑party content into the preview at runtime.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The HTML template includes a runtime import of a remote JS module (https://www.unpkg.com/@material/[email protected]/mwc-button.js?module). The module executes code in the page and is required for the mwc-button component to function, so this is a runtime external dependency that executes remote code.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:43 AM