tanstack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and reference files explicitly show route loaders and query functions that fetch and stream data from external endpoints (e.g., fetch('https://api.example.com/todos'), fetch(`/api/chat/${sessionId}``) and loader examples in Data Loading), so the agent will ingest untrusted third‑party responses as part of loaders/queries that can drive redirects, component rendering, and subsequent tool actions.