create-view

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly includes a "Web View" (see "Real-World Examples — Web View (webview.tsx)") with a URL input, navigation controls and webview navigation event handling, which allows loading arbitrary external webpages (untrusted third-party content) into the view and thus can influence UI behavior and subsequent actions.