ios-workflow-executor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to open Safari and navigate to arbitrary URLs from the workflow (Phase 3: "Open Safari and navigate to [URL]") and to perform web searches and visit reference examples (Phase 4: "Search for reference examples using WebSearch" / "Visit 2-3 reference examples"), so it ingests untrusted public web content that can materially influence tool use and next actions.