bot-developer
Warn
Audited by Snyk on Mar 5, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's moderation and conversation examples (references/moderation-system.md and references/architecture-patterns.md) explicitly read and act on untrusted user-generated chat content: message.content, URL extraction/expansion, and conversation state machine responses. The agent would ingest this content and use it to decide or trigger actions such as mutes, kicks and bans, which creates a clear vector for indirect prompt injection via third-party messages and URLs.