axiom-cloudkit-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes code and guidance that reads from CloudKit public and shared databases (e.g., CKContainer.default().publicCloudDatabase and .sharedCloudDatabase and examples using queries/records/assets), which are sources of untrusted, user-generated content that the agent would fetch and interpret at runtime.