ios-push-notifications

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's NotificationService and content-extension code in SKILL.md explicitly downloads and processes arbitrary URLs from incoming APNs payloads (request.content.userInfo["image_url"] via URLSession) and uses notification title/body/userInfo to populate UI, exposing the agent to untrusted third-party content from push payloads.