datocms-plugin-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's asset source example in references/asset-sources.md (UnsplashSource) explicitly fetches search results from the public Unsplash API and renders/uses user-generated image data (urls, alt_description, author) to drive uploads via ctx.select, so the agent ingests untrusted third-party content that can influence subsequent actions.