sanity-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests external, user-generated content (e.g., references/migration-html-import.md shows fetching HTML from WordPress and downloading external images via fetch(imageUrl), and references/functions.md shows handlers and Agent Actions that read event.data and call client.agent.action.generate or external webhooks), so untrusted third‑party content is read and used to drive automated actions.