core-nfc

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's code and documentation explicitly read and process NDEF records from arbitrary NFC tags (see "NDEF Reader Session" readerSession(_:didDetectNDEFs:) and "Background Tag Reading" handling of userActivity.ndefMessagePayload), which are untrusted, user-programmable third-party sources whose URL/text/external payloads are parsed and fed into app state and flows and therefore can materially influence behavior.