message-ws

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's MessageWs implementation attaches a 'message' listener that JSON.parse's incoming WebSocket data (src/index.ts) and the README/SKILL.md explicitly show handling/acting on received messages via exec, so arbitrary/untrusted WebSocket peers can supply JSON that the agent will interpret and that can materially change behavior.