websocket-implementation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's server and client examples in SKILL.md and references (notably references/nodejs-websocket-server-socketio.md and references/browser-websocket-client.md) explicitly ingest and parse arbitrary user-generated WebSocket messages (e.g., "chat:message", "room:join", "auth", "typing:start") and act on them (saving, broadcasting, joining/leaving rooms), so untrusted third-party client content can influence runtime behavior.