denox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly supports fetching and executing remote, public modules (e.g., the "CDN Imports" example that does await import("https://esm.sh/zod@3.22") via Denox.eval_async and the documented ability to load npm/jsr packages and remote ES modules), so untrusted third‑party code from open web CDNs or URLs is ingested and executed in the runtime and can materially influence behavior (including callbacks into Elixir).