slidev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly allows embedding and fetching arbitrary external URLs and user-generated content—e.g., iframe layouts (core-frontmatter/core-layouts), remote asset caching of arbitrary image URLs (references/build-remote-assets.md), Tweet/Youtube components that render social content (references/core-components.md), configurable PlantUML server (references/diagram-plantuml.md), and using an external PDF via headmatter/download (references/build-pdf.md)—which the agent will ingest/display and can change build/export behavior, so untrusted third-party content could indirectly influence actions.