artifacts-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.75). The runtime workflow runs scripts/bundle-artifact.sh, which installs bundling dependencies via pnpm add -D ... from the public npm registry and then runs Parcel/html-inline to inline the resulting package code into bundle.html (LLM-readable JS/CSS), so outsider-authored free text/code from third-party packages can enter the LLM context via the generated artifact.