performance-profiling

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime image loading from arbitrary URLs (AsyncImage(url: note.thumbnailURL) and CachedAsyncImage using Data(contentsOf: url)), which clearly fetches and displays untrusted third‑party content from arbitrary/public URLs.