reactuse

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly documents runtime hooks that fetch and ingest external/untrusted content — e.g., useScript("https://example.com/script.js"), useImage("https://example.com/image.png"), useEventSource("/sse"), and useQuery/useAsync examples that perform fetches — which will load arbitrary third‑party resources or messages and can trigger callbacks/onSuccess/onMessage that materially change behavior.