swiftui-webkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's main documentation (SKILL.md and references/navigation-and-javascript.md) shows loading arbitrary HTTPS pages via WebView(url:) and WebPage.load(URLRequest:), running callJavaScript on page content, and using JS-driven callback URLs (e.g., app-event://...) that native navigation deciders parse — all of which clearly accept and act on untrusted third‑party web content.