photokit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes numerous required patterns that fetch and load arbitrary open-web resources (e.g., ImageLoader.fetch/from URLSession in references/image-loading-caching.md and AsyncImage/AVPlayer(url:) examples and HLS streaming in references/av-playback.md), which clearly ingests untrusted third-party content (remote images/videos) as part of the runtime workflow and can influence playback, UI state, caching, and subsequent actions.