jazz-ui-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime guidance instructs the agent/app to load and subscribe to user-generated CoValues/CoFeed entries and images from the Jazz network (e.g., via useCoState/load/subscribe and sync peers like wss://cloud.jazz.tools) and to react to invite secrets in URLs, which clearly ingests untrusted, third-party user content that can influence actions or callbacks.