message-modem

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and README explicitly show binding to external channels (e.g., ws.addEventListener('message', JSON.parse(e.data)) and window.addEventListener('message')/postMessage, and lists WebSocket, postMessage, Web Worker, Electron IPC, child_process) where arbitrary third-party message data is fed into receive/exec and can materially influence responses and actions.