Skills
skills/4444j99/a-i--skills/realtime-websocket-patterns/Snyk

realtime-websocket-patterns

Warn

Audited by Snyk on Apr 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's WebSocket server implementation in SKILL.md (websocket_endpoint at /ws/{room}) directly ingests arbitrary client messages via websocket.receive_json() and uses them to drive broadcasts and application logic, exposing the runtime to untrusted user-generated content from connected third parties.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 19, 2026, 03:24 AM
Issues
1