stimulus-controllers

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly includes an "AJAX Updates" pattern that performs fetch(this.urlValue) and assigns response.text to this.element.innerHTML, which shows the controller will ingest arbitrary/untrusted third-party URLs (AJAX) and can materially change UI/behavior based on that content.