webhint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md workflow explicitly runs webhint against preview or deployed URLs (e.g., "npx hint https://example.com" and references to "preview or deployed URL" and "real audit target"), which fetches and audits arbitrary public web pages so untrusted third‑party content could influence audits and subsequent actions.