nextjs-project-starter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 4 "Version & Docs Verification" explicitly instructs the agent to use WebSearch/Exa to fetch npm/docs, migration guides, and known-issues from the open web and to base installation/version decisions on that content, which means untrusted third‑party pages could be read and materially influence actions.