lime-echart

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow (SKILL.md step 4: "Follow the specific instructions in that example file") points to example files such as examples/advanced/dynamic-data.md and templates/advanced-chart.md which explicitly call uni.request to external URLs (e.g., https://api.example.com/chart-data) and then ingest that response into chart options, meaning the skill's execution expects fetching and interpreting untrusted third-party web data that can materially influence tool behavior.