ios-workflow-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs the agent to open Safari and navigate to arbitrary web app URLs from the workflows (Phase 3 "Open Safari and navigate to [URL]" and reading /workflows/ios-workflows.md) and to perform WebSearch and visit public reference examples (Phase 4 "Search for reference examples... Visit 2-3 reference examples"), meaning it will fetch and interpret untrusted public web content that can materially influence testing and fix decisions.