convex-file-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill directly fetches and ingests arbitrary, user-supplied public URLs (e.g., fetch(args.url) in fetchAndStore, processAndStoreImages' imageUrls, and the /webhook/file-ready handler that fetches fileUrl), so untrusted third‑party content is pulled into the runtime workflow and can influence subsequent storage and processing.