web-frameworks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes concrete runtime examples that fetch and render external, potentially user-generated content (e.g., references/nextjs-data-fetching.md and references/nextjs-server-components.md show fetch("https://api.example.com/posts") and rendering post.content, plus use of public CDNs like https://cdn.jsdelivr.net/npm/remixicon), so an agent using these patterns would ingest untrusted third‑party content that could carry indirect prompt injection.