core-nfc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and processes arbitrary NDEF data from physical NFC tags (see readerSession(:didDetectNDEFs:) / processRecord(:) and the background tag reading via scene(_:continue:)), which are untrusted third-party/user-generated content that the agent interprets and can act on (e.g., URLs, text, or NSUserActivity-driven app openings).