websockets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md server examples (e.g., the Node.js wss.on('message' ...) echo/broadcast handler, the Python async for message loop, and the Socket.IO socket.on(...) handlers) explicitly parse and act on arbitrary messages received from external WebSocket/Socket.IO clients, so untrusted third‑party user-generated content can be ingested and materially influence behavior.