astro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit runtime fetches of external APIs/CMS (e.g., fetch('https://api.example.com/products') and fetch('https://cms.example.com/api/posts') shown in references/content-collections.md and fetch('https://api.example.com/data') in the Basic Syntax), and those loader examples ingest and render remote content into collections/pages—meaning untrusted third-party content would be read and could influence site generation/behavior.