mobile-development
Warn
Audited by Snyk on Mar 10, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's examples explicitly ingest untrusted, user-generated runtime content — e.g., useChatRoom in "Social App with Real-time" reads messages from a socket.io server (process.env.EXPO_PUBLIC_WS_URL) and usePushNotifications in "Native Features" reads notification payloads (response.notification.request.content.data) and may call router.push(data.screen), so external content is parsed and can directly change app behavior.