push-notifications
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's runtime code fetches and processes arbitrary URLs and notification payload fields received from APNs: the NotificationService in references/rich-notifications.md downloads imageUrl/senderImageUrl via URLSession, and the NotificationDelegate/BackgroundNotificationHandler in references/notification-patterns.md read userInfo fields such as "action", "chatId" and "conversationId" and route on them. Because the push payload is untrusted third-party content that the app acts upon (attachments, decrypted bodies, deep links and background actions), it can carry injected instructions, which is the indirect prompt injection risk flagged here.
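The mitigation a practitioner would want for the pattern described above is to treat every payload field as untrusted input: allowlist the image host and scheme, bound the download, and map "action" and identifier fields to a fixed vocabulary before the app routes on them. The following is an added hardened NotificationService written for this page; it is not the skill's code. The host allowlist (cdn.example.com), the action names, the size limit and the accepted MIME types are placeholder assumptions that would be replaced by the app's real values.

```swift
import Foundation
import UserNotifications

// Added example, not the skill's own code. Allowlists and limits below are
// placeholder assumptions for illustration.
enum PayloadPolicy {
    static let allowedImageHosts: Set<String> = ["cdn.example.com"]   // assumed CDN host
    static let allowedActions: Set<String> = ["open_chat", "mark_read"] // assumed app actions
    static let allowedImageTypes = ["image/jpeg": "jpg", "image/png": "png", "image/gif": "gif"]
    static let maxImageBytes: Int64 = 5 * 1024 * 1024
    static let downloadTimeout: TimeInterval = 10

    /// Only https URLs to allowlisted hosts pass; file:, http:, data:, credentials in the
    /// authority, unknown hosts and oversized strings are all rejected.
    static func validatedImageURL(_ raw: Any?) -> URL? {
        guard let s = raw as? String, s.count <= 2048,
              let c = URLComponents(string: s),
              c.scheme?.lowercased() == "https",
              c.user == nil, c.password == nil,
              let host = c.host?.lowercased(),
              allowedImageHosts.contains(host) else { return nil }
        return c.url
    }

    /// chatId / conversationId are opaque tokens: short, ASCII alphanumerics plus '-' and '_'.
    static func validatedIdentifier(_ raw: Any?) -> String? {
        guard let s = raw as? String, !s.isEmpty, s.count <= 64,
              s.unicodeScalars.allSatisfy({
                  $0.isASCII && (CharacterSet.alphanumerics.contains($0) || $0 == "-" || $0 == "_")
              }) else { return nil }
        return s
    }

    /// "action" must be one of the app's known actions; anything else is dropped.
    static func validatedAction(_ raw: Any?) -> String? {
        guard let s = raw as? String, allowedActions.contains(s) else { return nil }
        return s
    }
}

final class NotificationService: UNNotificationServiceExtension {
    private var contentHandler: ((UNNotificationContent) -> Void)?
    private var bestAttempt: UNMutableNotificationContent?

    override func didReceive(_ request: UNNotificationRequest,
                             withContentHandler contentHandler: @escaping (UNNotificationContent) -> Void) {
        self.contentHandler = contentHandler
        guard let content = request.content.mutableCopy() as? UNMutableNotificationContent else {
            contentHandler(request.content); return
        }
        bestAttempt = content
        let incoming = content.userInfo

        // Rebuild userInfo from vetted values only, so the app's delegate and background
        // handler never see a raw action or identifier chosen by the sender.
        var vetted: [AnyHashable: Any] = [:]
        if let action = PayloadPolicy.validatedAction(incoming["action"]) { vetted["action"] = action }
        if let chatId = PayloadPolicy.validatedIdentifier(incoming["chatId"]) { vetted["chatId"] = chatId }
        if let conv = PayloadPolicy.validatedIdentifier(incoming["conversationId"]) { vetted["conversationId"] = conv }
        content.userInfo = vetted

        // No attachment at all unless the URL passes policy.
        guard let url = PayloadPolicy.validatedImageURL(incoming["imageUrl"]) else {
            contentHandler(content); return
        }

        var req = URLRequest(url: url)
        req.timeoutInterval = PayloadPolicy.downloadTimeout
        let task = URLSession.shared.downloadTask(with: req) { tmpURL, response, _ in
            defer { contentHandler(content) }   // deliver with or without the image
            guard let tmpURL = tmpURL,
                  let http = response as? HTTPURLResponse, http.statusCode == 200,
                  let ext = PayloadPolicy.allowedImageTypes[http.mimeType ?? ""],
                  let attrs = try? FileManager.default.attributesOfItem(atPath: tmpURL.path),
                  let size = attrs[.size] as? Int64, size <= PayloadPolicy.maxImageBytes
            else { return }
            // The attachment needs an image extension for the system UI to render it.
            let dest = FileManager.default.temporaryDirectory
                .appendingPathComponent(UUID().uuidString)
                .appendingPathExtension(ext)
            do {
                try FileManager.default.moveItem(at: tmpURL, to: dest)
                content.attachments = [try UNNotificationAttachment(identifier: "image", url: dest, options: nil)]
            } catch {
                // Leave the notification without an attachment rather than fail delivery.
            }
        }
        task.resume()
    }

    override func serviceExtensionTimeWillExpire() {
        if let handler = contentHandler, let content = bestAttempt { handler(content) }
    }
}
```

The same validators apply on the main-app side: a NotificationDelegate that builds a deep link should take the vetted "action" and identifier values and switch over the known action set rather than constructing a URL or route string from the payload directly.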
Audit Metadata