xrift-world

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's API Reference and Code Templates explicitly show components and hooks that ingest untrusted external content—e.g., VideoPlayer/VideoScreen/LiveVideoPlayer accept arbitrary video URLs (references/api-reference.md and references/code-templates.md) and useInstance/useInstanceEvent fetch and act on instance/world info and user-generated events—so runtime behavior reads third-party data that can influence navigation and in-world actions.