x-chat-provider

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's core workflow requires configuring XRequest to call external APIs (e.g., SKILL.md Step 4 and examples in reference/EXAMPLES.md using URLs like "https://your-api.com/chat", the OpenAI and DeepSeek endpoints) and includes parsing/transforming streamed SSE responses (transformStream/transformMessage), so it clearly ingests untrusted third‑party content that can influence the agent's messages and behavior.