fastapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly ingests untrusted, user-generated content via HTTP endpoints (e.g., POST /api/v1/agents in routers/agents.py accepting AgentCreate) and a WebSocket endpoint (/ws/{agent_id} that calls process_message on received text), which the agent is expected to read/interpret and could be forwarded to an LLM, enabling indirect prompt injection.