cross-platform-builds

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and CI explicitly fetch public third-party code — e.g., the reproducible-build step that adds the JUCE submodule (git submodule add https://github.com/juce-framework/JUCE.git) and the GitHub Actions workflow that checks out the repo with submodules (actions/checkout@v3) — meaning untrusted, user-hosted code is ingested and executed as part of the build, which could materially influence tool behavior.