electron-app-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes runtime code that loads and displays external public web content (e.g., BrowserView.webContents.loadURL('https://example.com') and view2.webContents.loadURL('https://another.com'), shell.openExternal('https://electronjs.org'), and autoUpdater configured to fetch releases from GitHub), so it clearly consumes untrusted third‑party web content as part of its workflow.