websocket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent opening WebSocket endpoints (upgradeFromServer/upgradeFromClient) and calling ws.read() and processing frame.payload (e.g., in server.distributor.register and the receiveMessage function), which ingests arbitrary/untrusted messages from external peers that could influence subsequent responses—so it clearly consumes untrusted third‑party content.