moai-framework-electron

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill configures electron-updater (see src/main/services/updater.ts) to check GitHub/S3 releases and reads UpdateInfo.releaseNotes which it sends to the renderer and dialogs—i.e., it fetches and displays remote, user-authored release notes from public third‑party sources (GitHub/S3), exposing the agent to untrusted third‑party content.