nextjs-project-starter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 4 workflow in SKILL.md explicitly instructs the agent to use WebSearch/Exa to fetch documentation, migration guides, and known issues from public sites (npm/docs and other third‑party docs URLs) and then uses those findings to choose dependency versions and installation actions, so external web content can directly influence decisions and tool use.