active-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly shows ingesting untrusted third-party content (e.g., programmatic attachment from a remote URL via URI.open("https://example.com/photo.jpg") and user uploads via params[:avatar]) and then opening/processing those files (user.avatar.open / ImageProcessor.process), which means arbitrary external content would be read and acted on as part of the workflow.