axiom-app-intents-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes the "Use Model" and "Follow-Up Feature" flows (e.g., "Get recipe from Safari" → "Use Model: 'Extract ingredients list'") where arbitrary web/Safari content is passed to a model and then used to drive subsequent actions, so it ingests untrusted third‑party web content that can influence behavior.