ios-cloud-sync

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and examples (see references/cloudkit-api-reference.md "Public Database" section and the performInitialSync / query examples) explicitly show querying and ingesting records from CloudKit public databases — untrusted, user-generated content that the agent is expected to read and act on, so it could carry indirect instruction injection.