capacitor-push-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's code examples show the app downloading and processing external content from notification payloads (e.g., NotificationService.swift downloads an image from request.content.userInfo["image"] and other handlers read action.notification.data and data-only messages in FirebaseService to drive performBackgroundSync/checkForUpdates), which clearly ingests untrusted third-party URLs/payloads and uses them to determine runtime actions.