axiom-background-processing-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill includes code that downloads and processes arbitrary external URLs via Background URLSession (see downloadFile(from url: URL) and backgroundSession.downloadTask(with: url) and the processDownloadedFiles / urlSession(_:downloadTask:didFinishDownloadingTo:) handlers), meaning it clearly ingests untrusted third-party content the agent would read/interpret.