react-native-executorch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests arbitrary remote third-party content (e.g., ResourceFetcher.fetch and model loading from 'https://...' in references/core-utilities.md and references/reference-models.md, remote image/audio inputs like model.forward('https://url-to-image.jpg') and FileSystem.downloadAsync('https://some-audio-url.com/file.mp3') in reference-audio.md/useVAD) and expects the agent to read/interpret that content (images, audio, models, OCR text) as part of its workflow, which can materially change behavior or downstream tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime model downloads (e.g., ResourceFetcher.fetch and useExecutorchModule loading model binaries from URLs such as https://huggingface.co/software-mansion/collections and example model URLs like https://.../llama3_2.pte), which are fetched at runtime and loaded/executed as required model artifacts that directly determine the agent's behavior.