neutralinojs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill documents APIs that load or fetch arbitrary remote content—e.g., window.create(url) and the config "url" can load remote pages into the app, os.open(url) opens external URLs, and updater.checkForUpdates(url) fetches update manifests from a provided URL—so the agent/app would read and render untrusted third‑party content.