htmx

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md clearly shows runtime fetching from third-party endpoints (hx-get/hx-post, ws-connect, sse-connect and examples like /posts?page=2 and /modal/user-form) and explicitly documents server-controlled response headers (HX-Redirect, HX-Trigger) and out-of-band swaps that allow untrusted/public server or user-generated responses to drive client behavior and subsequent actions.