gpui-entity

Warn

Audited by Snyk on May 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's main docs and examples (e.g., "Async Operations" in SKILL.md and the "Cancellation Patterns"/DataFetcher example in references/best-practices.md) explicitly call fetch_from_api()/fetch_from_url(&url) and place fetched results into entity state, which indicates it ingests arbitrary third-party URLs/content that can influence runtime behavior.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 13, 2026, 05:01 AM
  • Issues: 1