apple-dash-docsets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime workflow (scripts/run_workflow.py and SKILL.md) explicitly uses HTTP and URL/service fallbacks and references public GitHub/raw.githubusercontent.com feeds (references/catalog_user_contrib_docsets.json and references/catalog_cheatsheets.json) plus dash_url_install.py/dash_url_search.py, meaning it fetches and ingests untrusted, user-contributed web content which can influence search/install decisions and subsequent actions.