1k-feature-guides

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The Notification System guide shows notification payloads may contain arbitrary public URLs and instruct the app to open them (modes 3-5, e.g., openUrlExternal/openUrlInApp/openInDapp) — see references/rules/notification-system.md and the payload examples — so the skill will load/display untrusted third‑party web content that can influence navigation/actions.