multi-tv-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches dynamic content from an external catalog API (see packages/shared-ui/src/data/moviesData.ts which calls fetch('https://api.example.com/catalog.json') and the "Content Discovery: Dynamic content loading from external catalog API" sections), meaning untrusted third-party content is ingested and used to drive UI and playback decisions.