swift-app-lifecycle

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's ForceUpdateChecker (templates/ForceUpdateChecker.swift) includes RemoteJSONVersionChecker, which uses URLSession to fetch and decode JSON from an external URL (by default https://api.example.com/app-config, as used by UpdateCheckModifier). The parsed, potentially untrusted remote content is then used to set the UpdateRequirement, which can block the app or change runtime behavior (hard/soft update UI).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 05:19 PM
Issues: 1