azure-communication-chat-java

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md and examples explicitly show reading and iterating over arbitrary user-generated chat content (e.g., threadClient.listMessages() / chatThreadClient.listMessages() and getMessage in SKILL.md and references/examples.md), meaning the skill ingests untrusted third-party messages from Azure Communication chat threads that could influence actions like sending replies, read receipts, updates, or other tool use.