moonbit-js-binding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's main documentation and workflow (Phase 4: "Standard pattern — FFI returning Promise + async wrapper" in SKILL.md and its example test) explicitly show fetching arbitrary HTTP URLs (e.g., fetch("https://example.com")) and loading npm modules via require/#module, meaning the agent is expected to ingest untrusted public web/npm content at runtime which could influence behavior.