ai-elements-chatbot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill's documentation and templates (SKILL.md "API Routes" With Tools snippet, the assets/api-route-template.ts examples including web search, weather API fetches and RAG, plus the Sources and WebPreview components) explicitly fetch and render arbitrary external URLs/HTML and incorporate those results into model prompts/responses, so untrusted third-party content can be ingested and influence tool use and next actions.