web-realtime-socket-io

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime patterns explicitly connect to remote Socket.IO servers (e.g., io(SOCKET_URL) in examples/core.md and examples/rooms.md) and register handlers for user-generated events like "chat:message" and "room:message", meaning it ingests untrusted third-party content from arbitrary sockets as part of normal workflow.