trpc-type-safety

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes endpoints and examples that ingest and display arbitrary user-generated content — e.g., trpc.post.create / posts.list, the onPostAdd WebSocket subscription, and file upload flows (uploadAvatar, multipart handler, getUploadUrl → client fetch to S3) — so the agent using this skill would read/interpret untrusted third‑party content at runtime.