nextjs-expert

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's docs and code examples explicitly ingest external, potentially user-generated content (e.g., fetch('https://api.example.com/posts'), the "Blog with Webhook CMS" example at app/api/cms-webhook/route.ts, and the revalidation route at app/api/revalidate/route.ts). Those routes accept POSTed JSON from third-party webhooks and pass it to revalidatePath/revalidateTag, so external content directly drives server-side actions. Unless the route authenticates the sender (for example by verifying a signature over the request body) and restricts the accepted paths and tags to values the application chose, untrusted third-party content can materially influence runtime behavior.
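The hardened form of the revalidation route that this finding calls for, as an added example that is not the audited skill's own code: the webhook sender is authenticated with an HMAC-SHA256 signature over the raw body, and the payload may only select among an allowlist of paths and tags rather than naming arbitrary ones. The header name x-cms-signature, the shared secret, the allowlists, and the injected revalidator object are assumptions made for this example; in a real app/api/revalidate/route.ts the revalidator would be revalidatePath and revalidateTag from "next/cache".

```typescript
// Added example, not code from the audited skill. Assumptions: the CMS sends
// hex(HMAC-SHA256(secret, rawBody)) in an "x-cms-signature" header, and the
// route only revalidates paths/tags from a fixed allowlist. The revalidation
// functions are injected so the logic runs and is testable without Next.js.
import { createHmac, timingSafeEqual } from "node:crypto";

type Revalidator = {
  revalidatePath: (path: string) => void;
  revalidateTag: (tag: string) => void;
};

type Incoming = { method: string; signature: string | null; rawBody: string };
type Result = { status: number; body: string };

// Values chosen by the application, never by the webhook payload (assumed).
const ALLOWED_PATHS = new Set(["/", "/blog"]);
const ALLOWED_TAGS = new Set(["posts"]);
const MAX_BODY_BYTES = 4096;

// Sender-side helper: how the CMS (or a test) produces the signature.
function signBody(secret: string, rawBody: string): string {
  return createHmac("sha256", secret).update(rawBody).digest("hex");
}

// Constant-time comparison of the presented signature against the expected one.
// The length check also rejects non-hex or truncated header values, because
// Buffer.from(..., "hex") stops at the first invalid character.
function verifySignature(secret: string, rawBody: string, header: string | null): boolean {
  if (!header) return false;
  const expected = Buffer.from(signBody(secret, rawBody), "hex");
  const presented = Buffer.from(header, "hex");
  if (expected.length !== presented.length) return false;
  return timingSafeEqual(expected, presented);
}

function reply(status: number, payload: unknown): Result {
  return { status, body: JSON.stringify(payload) };
}

// Core handler: authenticate first, parse second, act only on allowlisted values.
function handleRevalidate(req: Incoming, secret: string, rv: Revalidator): Result {
  if (req.method !== "POST") return reply(405, { error: "method not allowed" });
  if (Buffer.byteLength(req.rawBody) > MAX_BODY_BYTES) return reply(413, { error: "payload too large" });

  // Unauthenticated senders get no JSON parsing and no revalidation at all.
  if (!verifySignature(secret, req.rawBody, req.signature)) {
    return reply(401, { error: "invalid signature" });
  }

  let parsed: unknown;
  try {
    parsed = JSON.parse(req.rawBody);
  } catch {
    return reply(400, { error: "malformed json" });
  }
  if (typeof parsed !== "object" || parsed === null) return reply(400, { error: "bad payload" });

  const { path, tag } = parsed as { path?: unknown; tag?: unknown };
  // The payload picks from our allowlist; the caller's string is never passed through.
  if (typeof path === "string" && ALLOWED_PATHS.has(path)) {
    rv.revalidatePath(path);
    return reply(200, { revalidated: "path", path });
  }
  if (typeof tag === "string" && ALLOWED_TAGS.has(tag)) {
    rv.revalidateTag(tag);
    return reply(200, { revalidated: "tag", tag });
  }
  return reply(400, { error: "unknown path or tag" });
}

// Adapter for a Next.js App Router route handler. The request is typed
// structurally so this file compiles without Next.js or DOM types; in
// app/api/revalidate/route.ts you would do:
//   export async function POST(req: Request) {
//     const r = await handleRequest(req, process.env.CMS_WEBHOOK_SECRET!, { revalidatePath, revalidateTag });
//     return new Response(r.body, { status: r.status, headers: { "content-type": "application/json" } });
//   }
async function handleRequest(
  req: { method: string; headers: { get(name: string): string | null }; text(): Promise<string> },
  secret: string,
  rv: Revalidator,
): Promise<Result> {
  const rawBody = await req.text();
  return handleRevalidate(
    { method: req.method, signature: req.headers.get("x-cms-signature"), rawBody },
    secret,
    rv,
  );
}

// Stand-alone demonstration with a constructed payload (assumed secret and body).
const demoSecret = "replace-with-a-long-random-secret";
const demoBody = JSON.stringify({ path: "/blog" });
const demoLog: string[] = [];
const demoRevalidator: Revalidator = {
  revalidatePath: (p) => demoLog.push(`revalidatePath(${p})`),
  revalidateTag: (t) => demoLog.push(`revalidateTag(${t})`),
};
const demoResult = handleRevalidate(
  { method: "POST", signature: signBody(demoSecret, demoBody), rawBody: demoBody },
  demoSecret,
  demoRevalidator,
);
console.log(demoResult.status, demoResult.body, demoLog);
```

The ordering matters: the signature is checked before the body is parsed, so an unauthenticated caller cannot even exercise the JSON parser, and the allowlist means a valid-but-compromised CMS account can at most trigger revalidation of pages the application already expected to revalidate, not arbitrary routes.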
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 12:17 AM