hugo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Quick Start and templates explicitly require fetching a public GitHub theme as a git submodule (e.g., git submodule add https://github.com/adityatelange/hugo-PaperMod.git in SKILL.md), and the docs also show runtime remote content usage (Sveltia CMS CDN script in references/cms-integration.md and a getJSON "https://api.example.com/posts" example in references/advanced-topics.md), so the workflow clearly ingests untrusted third‑party content that the site build/runtime will read and could influence behavior.