software-mansion-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs downloading and processing arbitrary remote resources (e.g., ResourceFetcher.fetch examples in on-device-ai/core-utilities.md and ResourceFetcher usage, model loading from remote URLs in on-device-ai/reference-models.md, and FileSystem.downloadAsync / model.forward calls that accept https image/audio URLs) — untrusted third-party content that the agent is expected to ingest and that can influence model behavior or trigger tool calls.