tauri-v2

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs explicitly show commands that fetch and process arbitrary external URLs—e.g., references/ipc-patterns.md's async fetch_data using reqwest::get(&url) and the download_file/download examples that accept a url—plus the capabilities reference describing http/remote URL permissions, so untrusted third-party content can be ingested and influence runtime behavior.