expo-modules

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes a downloadFile(url, filename) function that calls FileSystem.downloadAsync(url, ...) (and readFile that reads the downloaded file), which lets the agent fetch and ingest arbitrary/untrusted URLs from the open web.