live-composing-smelter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's docs and required workflow show runtime ingestion of arbitrary third‑party content — e.g., references/components/WebView.md and references/resources.md describe registering a WebRenderer with a URL to render live websites, references/components/Image.md/Mp4.md allow remote URLs for media, and references/hooks/useBlockingTask.md includes an example fetching https://example.com/subtitles.json which is read and rendered into the scene — all of which let untrusted web content influence rendering and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Web WASM runtime explicitly requires fetching a WebAssembly bundle at runtime via setWasmBundleUrl('/smelter.wasm'), which downloads and executes code the skill depends on.