imsg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly describes sending/receiving messages via macOS Messages (iMessage), which means the agent will ingest and act on user-generated iMessage content from other users that could contain instructions affecting its behavior.