phoenix-api-channels

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's Channel code (e.g., MyApiWeb.RoomChannel handle_in "message:new", push/broadcast, and Presence.list) accepts and broadcasts arbitrary user-provided message bodies over WebSocket channels, so the agent will read untrusted, user-generated third-party content.