axiom-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill's app-intents-ref.md explicitly describes the "Use Model" flow (Apple Intelligence: Use Model → Follow-Up Feature) that ingests content from Safari ("Get recipe from Safari") — i.e., arbitrary public web pages — and passes that untrusted third‑party content to models/actions that can materially influence subsequent tool actions (extract ingredients and add to a grocery list), which is documented in the skill's required reference material.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

• Direct money access detected (high risk: 1.00). The skill explicitly covers in-app purchases and StoreKit (including "In-app purchases, subscriptions", "StoreKit 2 API reference", "Implement in-app purchases with StoreKit 2") and even references launching IAP implementation/auditor agents. StoreKit is a specific payments API used to execute purchases/subscriptions, so this skill provides explicit financial execution capability.