nextjs-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md "Before writing code" steps explicitly instruct the agent to fetch live, public third-party sites (https://nextjs.org/docs and https://www.catalyst.dev/ and web-search results), which the agent is expected to read and use to guide implementation decisions, exposing it to untrusted external content that could carry indirect prompt injections.