active-storage-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill accepts and processes untrusted user-generated file uploads (e.g., form_with file_field :avatar, direct_upload: true; controller params permitting :avatar; and displays user.avatar.variant in views), so it ingests and renders third-party content that could carry indirect prompt-like instructions.