faststore-storefront

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs adding and consuming external, public APIs and scripts—e.g., references/extending-graphql-with-custom-resolvers.md shows resolvers that fetch from viacep and other arbitrary URLs and post to external endpoints, references/injecting-head-scripts-and-meta-tags.md allows injecting arbitrary third-party scripts via src/scripts/ThirdPartyScripts.tsx, and discovery.config.js lists public webhookUrls—so untrusted third‑party content is fetched and used as part of the runtime workflow.