webapp-loader-action

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses and acts on untrusted user-provided content (e.g., Object.fromEntries(await args.request.formData()) and new URL(args.request.url).searchParams) and dispatches behavior (intent-based actions, redirects, use-case execution) as shown in SKILL.md and references/templates.md, so third-party inputs can materially influence next actions.