ti-howtos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow and reference docs include handling and ingesting arbitrary external content (e.g., HTTPClient/XHR in background services, URLSession.downloadTask in references/ios-platform-deep-dives.md, WebView remote content in references/web-content-integration.md, and Android deep-link handling/intent data parsing in references/android-platform-deep-dives.md's handleDeepLink), so untrusted third‑party URLs or intent payloads can be read and directly influence app behavior.