rpgjs-studio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's mandatory workflow and execution rules (SKILL.md) plus the references (e.g., references/events.md, references/maps.md, references/media.md) explicitly require calling project endpoints such as GET /api/maps, GET /api/maps/:mapId/events, and GET /api/media?query= to read live project/media/event/database records (user-generated/untrusted content) and to inspect those responses to decide how to build requests and choose next actions.