bubble-io-plugins

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs loading and executing third‑party resources (e.g., CDN scripts in assets/templates/header.html) and making/consuming external API responses in server-side actions (assets/templates/server-action.js and references to fetch/context.v3.request), meaning untrusted external content is ingested and can influence plugin behavior.