push-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's service-extension and notification-handling code (references/rich-notifications.md and references/notification-patterns.md) explicitly fetches and processes arbitrary URLs from APNs payload userInfo (e.g., imageUrl/senderImageUrl via URLSession) and reads userInfo fields like chatId/action to drive deep-linking and perform actions, meaning untrusted third‑party content is ingested and can materially influence behavior.