dotnet-webhint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly instructs running webhint against runtime targets (e.g., "hint https://localhost:3000" and "npx hint -c ./.hintrc https://example.com"), which requires fetching and interpreting arbitrary preview or deployed URLs (untrusted third‑party web content) that can materially influence audit actions and follow-up decisions.