A prototype can only be modified by code that is actually being run. If you can get someone else's application to run code under your control, you've already won.
The security risk is that you accept a JSON object from an API, that object gets merged with some set of defaults, and oops, it turns out that object was specifically crafted to override the global `__proto__` with some way of escalating privileges (`{__proto__: {_isAdmin: true}}`), and now you're owned.
It requires some knowledge of the inner workings of the system (in the above, you'd have to know that the auth provider checks for a cached `isAdmin` prop on some object before executing the authentication routine to generate it). But if your system is designed to only be secure if no-one knows the inner workings, you're probably owned anyways.
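The scenario described in the comment above, as an added example that is not part of the original thread or any real library: a naive recursive merge of attacker-controlled JSON into a defaults object pollutes `Object.prototype`, and an auth layer that trusts a "cached" `isAdmin` flag on an unrelated, freshly created object then sees the polluted value. A hardened merge follows that drops the `__proto__`, `constructor` and `prototype` keys and only recurses into the target's own properties. The function names (`naiveMerge`, `safeMerge`, `isAdminCached`, the `demo*` helpers) and the attacker payload are constructed for this example; the flag is spelled `isAdmin` throughout.

```javascript
// Added example: prototype pollution via a recursive merge, plus a hardened merge.
// All names and the payload below are hypothetical; nothing here is from a real library.

// VULNERABLE: walks every key the caller supplies, including "__proto__".
// For a plain object, target["__proto__"] resolves to Object.prototype, so the
// recursive call writes attacker-chosen properties onto the global prototype.
function naiveMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object' &&
        target[key] !== null && typeof target[key] === 'object') {
      naiveMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Simulated auth layer (hypothetical): trusts a cached isAdmin flag on the
// session object before falling back to the "real" check. After pollution the
// flag is inherited by every object, including ones the attacker never touched.
function isAdminCached(session) {
  if (session.isAdmin !== undefined) return session.isAdmin;
  return false; // the expensive authentication routine would run here
}

// HARDENED: ignore prototype-manipulating keys, iterate own keys only, and never
// recurse into an inherited object on the target.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;          // drop __proto__ / constructor / prototype
    const value = source[key];
    if (value !== null && typeof value === 'object' && !Array.isArray(value)) {
      const ownTarget = Object.prototype.hasOwnProperty.call(target, key) &&
        target[key] !== null && typeof target[key] === 'object' ? target[key] : {};
      target[key] = safeMerge(ownTarget, value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Runs the attack against naiveMerge. Returns what the auth layer sees for a
// brand-new object, then removes the polluted property so the process recovers.
function demoVulnerable() {
  // Constructed attacker input, as it would arrive from JSON.parse on an API body.
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}}');
  naiveMerge({ theme: 'light' }, payload);
  const freshSession = {};                      // unrelated object, never merged into
  const seen = isAdminCached(freshSession);     // true: inherited from Object.prototype
  delete Object.prototype.isAdmin;              // clean up the pollution
  return seen;
}

// Runs the same payload (plus a legitimate key) through safeMerge.
function demoHardened() {
  const payload = JSON.parse('{"__proto__": {"isAdmin": true}, "theme": "dark"}');
  const merged = safeMerge({ theme: 'light' }, payload);
  return {
    theme: merged.theme,                         // legitimate key still merged: 'dark'
    polluted: ({}).isAdmin !== undefined,        // false: prototype untouched
    adminSeen: isAdminCached({}),                // false
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('naiveMerge: fresh object is admin?', demoVulnerable());
  console.log('safeMerge:', demoHardened());
}
```

Run it with `node`. The blocklist is the minimum; the `constructor` entry matters because `{"constructor": {"prototype": {"isAdmin": true}}}` reaches the same prototype without ever naming `__proto__`. Defence in depth on the consumer side is to never trust an inherited property for an authorization decision (`Object.hasOwn(session, 'isAdmin')` rather than `session.isAdmin`), and on the runtime side Node can be started with `--disable-proto=delete` to remove the `__proto__` accessor entirely.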