eleventy-nunjucks

Warn

Audited by Snyk on May 11, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's reference docs include explicit patterns that fetch and ingest public, user-generated content (e.g., "Async fetch (use sparingly)" in references/data-cascade.md showing fetch("https://api.github.com/..."), the async fetchTitle example in references/filters.md, and advice in references/eleventy-config-api.md to "fetch current Eleventy and Nunjucks docs"), which means the agent workflow can read and act on arbitrary third‑party webpages/APIs at build time and thus could be influenced by untrusted content.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 11, 2026, 05:50 PM
Issues: 1