react-native-executorch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and processes open public URLs (e.g., ResourceFetcher.fetch for model downloads and examples like model.forward('https://url-to-image.jpg'), FileSystem.downloadAsync('https://some-audio-url.com/...') and HuggingFace model collections referenced in SKILL.md), so untrusted third-party content is ingested and directly influences model outputs and downstream tool actions.