axiom-app-intents-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documentation explicitly describes ingesting content from the open web (e.g., the "Get recipe from Safari" example in the Follow-Up Feature and the "Use Model" action that passes entity JSON to models), meaning arbitrary public web pages/user-generated content can be read and interpreted by the model.