realtime-systems

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's server and client code directly ingests and parses arbitrary user-generated messages from untrusted third-party sources via WebSocket (ws.on('message')), Socket.IO (socket.on('message') and join_room/room_history), Server-Sent Events (/events with pubsub.subscribe and EventSource parsing), and Redis pub/sub handlers, so it reads and acts on external content that could carry indirect prompt injection.