React Integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Provider Setup accepts an external apiUrl/wsUrl and the workflow (SKILL.md sections "Provider Setup", "useMessages", "useWorkspaceFiles", and "WebSocket Events") shows it loads session lists and ingests conversation blocks, tool_use/tool_result blocks, subagent transcripts and file contents from the backend WebSocket—i.e., arbitrary user-generated/untrusted session content that the agent reads and can influence UI/tool behavior.