cometchat-native-customization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and read public GitHub files (see "Sample app reference" discovery commands and "You can also use WebFetch on the URLs above" plus the step "Read the .tsx file"), which means it ingests untrusted third-party content that the agent is expected to interpret and act on.