axiom-swiftui-26-ref

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "WebView & WebPage" section explicitly instructs loading arbitrary URLs (e.g., WebView(url: articleURL) and page.load(URLRequest(url: articleURL)) with JavaScript execution and custom URL schemes, so untrusted public web content can be ingested and can influence observable page state and app behavior.