sauve-jazz-extension

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's service worker explicitly fetches and ingests public RSS feeds and arbitrary external URLs (see Service Worker responsibilities: "background alarms (RSS fetch, maintenance)", the PageContent.sourceUrl / RSS feed metadata handling and host_permissions ["http:///","https:///"]), so it consumes untrusted third‑party content (RSS/website feeds and optional metadata APIs) that can influence app behavior (feed metadata, indexing, scheduling, and UI actions).


Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 18, 2026, 04:15 AM
Issues: 1