moai-platform-deployment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill contains runtime code that fetches external URLs (e.g., reference/convex.md's fetch in fetchWeather and updateFromAPI actions) and reads/displays user-generated content from Convex (e.g., MessageList, ImageView using api.messages.list and files.getFileUrl), so it clearly ingests untrusted third‑party/user content.