x-chat-provider

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs configuring XRequest to call arbitrary external endpoints (e.g., Step4 "Configure Usage" with XRequest("https://your-api.com/chat") and the OpenAI/DeepSeek examples) and the provider's transformMessage consumes streaming chunks from those third-party APIs, so untrusted external content is read and can influence agent behavior.