shelf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes a WebSocket handler in references/patterns.md that accepts and json-decodes messages from external clients (user-generated/untrusted third-party content) and then switches on message "type" to perform actions like broadcast, so incoming content can be read, interpreted, and materially influence runtime behavior.