component-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and browses public 21st.dev pages (SKILL.md Step 1: WebSearch("site:21st.dev {QUERY}") / WebFetch("https://21st.dev", ...)) and then reads/presents full component source and install instructions (Step 3), meaning untrusted, user-contributed web content is ingested and can influence decisions/actions.