lit-sheet-music

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The component's getMusic() will fetch arbitrary remote URLs from the src attribute (see fetch(this.src) in sheet-music.ts and the index.html example using a raw.githubusercontent URL), so it directly ingests untrusted third-party MusicXML/HTML content for rendering.