cloudsignal-websocket

Warn

Audited by Snyk on Mar 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's required generated code (references/mqtt-context.tsx and SKILL.md) explicitly connects to the public CloudSignal WebSocket MQTT broker (wss://connect.cloudsignal.app:18885/), subscribes to user-specific topics, and parses and routes incoming JSON messages from external publishers (potentially user-generated). The app is expected to interpret and act on these messages, so untrusted third-party content can influence its behavior.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 10, 2026, 01:20 AM