photokit

Warn

Audited by Snyk on Apr 22, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly loads and processes untrusted external content as part of its workflows — e.g., AsyncImage and the ImageLoader actor fetch arbitrary image URLs (references/image-loading-caching.md), AVPlayer/AVAsset examples play remote video URLs (references/av-playback.md), and PhotosPicker/Transferable flows ingest user-selected photos/videos (SKILL.md and references/photokit-patterns.md) — so third-party/user content is read and can influence runtime behavior.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 22, 2026, 06:54 PM
Issues: 1