ios-platform-capabilities
Warn
Audited by Snyk on May 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's push-notifications deep dive (references/ios-push-notifications.md) shows a Notification Service Extension that downloads an arbitrary URL from the APNs payload (request.content.userInfo["image_url"]) and then processes/attaches it and routes based on userInfo, which clearly ingests untrusted third‑party content that can influence app behavior.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata