moai-baas-convex-ext

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's runtime Convex functions (e.g., getRoomActivity, updateDocument, applyEdit) explicitly read and act on user-generated content from the application's public rooms/messages/documents (ctx.db queries on "messages" and "documents"), so untrusted third-party content can influence updates, broadcasts, and other actions.