multiplayer-building

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's BuildingNetworkClient opens a WebSocket to an arbitrary server (client.connect(serverUrl) in scripts/building-network-manager.js) and directly parses and applies incoming JSON messages in onmessage/handleStateUpdate/handlePieceUpdated, so untrusted third-party servers or players can send runtime content that materially influences behavior.