axiom-swiftui

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's documentation explicitly instructs embedding and loading arbitrary web content (e.g., WebView/WebPage examples and "page.load(URLRequest(url: articleURL))" plus "openURL(url, prefersInApp: true)") which means the agent/app would fetch and observe untrusted public web pages and can execute/inspect their content (including JavaScript), meeting the criteria for exposure to third‑party input.