appwrite-typescript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SDK clearly allows the agent to read user-provided/untrusted content from an Appwrite instance—e.g., database rows via TablesDB.listRows/getRow, files via Storage.getFileDownload/listFiles (and public Permission.read(Role.any())), and real-time payloads via client.subscribe—which could contain arbitrary user-generated content that may indirectly inject instructions.