browserenginekit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflows show the agent loading and processing arbitrary web content—e.g., WebContentExtension/WebContentProxy.loadURL, the NetworkingExtension using URLSession, BEWebAppManifest(jsonData:manifestURL:), and BEDownloadMonitor(sourceURL:)—which ingest untrusted public web pages/manifests that the engine parses/executes and can influence subsequent behavior.