developing-nextjs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required documentation demonstrates runtime fetching and processing of arbitrary third‑party URLs (e.g., references/SAAS-AI-INTEGRATION.md's convertImageToBase64 using axios.get(imageUrl), NEXTJS-GUIDE.md and other files showing fetch() calls and rewrites to external-api.com), meaning the agent would ingest untrusted external/user-provided content that can influence processing and follow-up actions.