active-storage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md Step 4 and reference.md "Attaching File/IO Objects" explicitly show downloading and attaching files from arbitrary URLs (e.g., record.avatar.attach(io: URI.open("https://example.com/photo.jpg"))), and the workflow instructs the agent to open/process/analyze those fetched files, so untrusted third‑party content can materially influence processing and subsequent actions.