gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted third-party user content (Telegram, Slack, webhooks, Redis channel events and gateway session transcripts) as part of runtime gateway processing and session prompts—see the SKILL.md sections describing the Telegram/Slack/Webhook channels, Redis channel, and warnings about hidden "context-refresh" messages in the gateway session transcript—so external messages can influence agent behavior and tooling decisions.