streaming-api-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests untrusted user-generated content at runtime—e.g., the WebSocket server handles arbitrary client messages via ws.on('message'), the LLM streaming endpoint reads 'messages' from incoming requests, and the SSE template calls fetchDataSource() to stream external data—so the agent will read/interpret third‑party content that could enable indirect prompt injection.