wordpress-pro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The references/plugin-architecture.md contains an UpdateChecker that calls wp_remote_get() to fetch https://example.com/api/plugin-updates/info.json and uses that remote JSON to decide and drive plugin update behavior, so untrusted third‑party content is fetched and can materially influence runtime actions.