websocket-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill accepts and processes arbitrary JSON messages from external users over the WebSocket endpoint (websocket.receive_json() in /ws/{lobby_code} and handle_message), so it ingests untrusted, user-generated third-party content that could carry indirect prompt injection.