raycast-extensions

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md "Data Fetching" pattern and multiple example commands (e.g., examples/data-fetching.tsx using https://jsonplaceholder.typicode.com/posts, examples/grid-with-images.tsx using https://picsum.photos, and the core useFetch snippets) fetch and render content from public, user-generated third-party sources and then act on that content (displaying it as markdown, copying to clipboard, opening URLs), so untrusted external content can influence tool actions and behavior.