slidev-interactive
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's iframe workflow explicitly allows loading any publicly accessible URL as the iframe source (see references/iframe-mocks.md "Loading External Mocks from URLs") and includes postMessage handlers where messages from the iframe (third‑party pages) can be read and acted on (e.g., advancing slides via an 'advance' command), so untrusted external content can influence runtime behavior.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).