x-chat-provider

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly configures XRequest to call arbitrary external endpoints (e.g., XRequest('https://your-api.com/chat') and examples for OpenAI/DeepSeek) and its transformMessage/transformParams logic (in SKILL.md and reference/EXAMPLES.md) consumes and interprets response chunks, so untrusted third‑party API content can directly influence agent outputs and actions.