astro-content

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required docs and templates explicitly instruct using custom remote loaders that call arbitrary endpoints (see references/templates/custom-loader.md and references/loaders.md which show fetch(options.endpoint) to CMS/API URLs like https://api.example.com/posts), so the agent will ingest untrusted, user-generated web content as part of its workflow and that content can influence rendering and behavior.