makepad-widgets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill shows explicit patterns that fetch and render external, untrusted content (e.g., Citation.set_url calling fetch_metadata to asynchronously fetch title/favicon from a URL, dynamic Markdown/Html via set_text including the "Streaming Markdown (SSE)" pattern, and link handling that opens arbitrary URLs), so the agent would ingest and display third‑party web/user-generated content.