web-presentation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Reveal.js template and examples explicitly load and display arbitrary external content at runtime — e.g., data-background-iframe="https://example.com", external image URLs/data-background-image, external Markdown via data-markdown="slides.md", CDN imports (Chart.js, mermaid) and dynamic fetch(/api/slides/${slideId}) — meaning untrusted third‑party pages/files can be ingested and rendered as part of the presentation.