uploadthing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and ingests arbitrary user-provided files and external URLs (e.g., utapi.uploadFilesFromUrl) and exposes uploaded file URLs/content to the application (UploadButton/UploadDropzone and previews), meaning untrusted third‑party content is fetched and made available to the agent's workflow.