real-time-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — the skill ingests arbitrary user-generated content via WebSocket handlers (e.g., socket.on('message:send', chat events)), Redis pub/sub subscriptions (e.g., pubsub.subscribe(notifications:${userId}) and pSubscribe patterns), and SSE endpoints (e.g., /events/stream/:channel), so the agent will read and process untrusted third‑party messages that could contain injected instructions.