core-ml

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly includes runtime remote model download and loading (patterns.md: ModelUpdater.downloadModel and templates/MLModelManager.compileAndCache + model(at: URL)), which fetches and loads arbitrary .mlmodel/.mlmodelc files from remote URLs so untrusted third‑party content can be ingested and materially affect predictions and agent behavior.