convex-file-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts and stores arbitrary user-provided files via the client upload flow (handleUpload / ImageUploader → saveFile / ctx.storage) and serves them back in FileDisplay (rendering file.url in or ), and it also fetches images from an external API in generateImage (fetch("https://api.example.com/generate")), so it clearly ingests and displays untrusted third‑party content.