swiftlint

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly documents loading remote configuration via HTTPS (see "Remote Configuration" in references/adoption-and-configuration.md and the "Multiple Configurations" section), so the agent may fetch and apply arbitrary third-party .swiftlint.yml content that can change linting rules and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill recommends adding the SPM build tool plugin via the package URL https://github.com/SimplyDanny/SwiftLintPlugins which is fetched and executed during builds (plugin code runs as part of the build), making it a runtime external dependency that executes remote code.