hwc-realtime-streaming

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes runtime flows that consume untrusted external content — for example references/2024-03-12-hotwire-combobox-with-real-time-data.md shows connecting to an external WebSocket (data-external-websocket-url-value / wss://example.com/ws) and parsing incoming JSON to update the UI, and other references (e.g., references/2023-10-10-turbo-streams-custom-stream-actions.md and references/2023-08-01-turbo-streams-inline-stream-tags.md) show executing server-sent or appended elements and attributes from responses, all of which are untrusted third-party inputs that can materially influence client behavior.