axiom-push-notifications-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's UNNotificationServiceExtension example explicitly reads an "image-url" from incoming notification payloads (content.userInfo) and downloads it via URLSession, and the notification handler examples route based on userInfo—both demonstrate fetching and acting on untrusted, third-party notification payloads/URLs as part of the runtime workflow (SKILL.md service extension and delegate code).