exploiting-websocket-vulnerabilities

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill (scripts/agent.py and the SKILL.md workflow) actively fetches and connects to arbitrary external targets (e.g., discover_ws_endpoints using requests to base_url+paths, test_origin_validation using requests, and test_message_injection/websockets.connect to a supplied wss:// URL) and then reads and interprets those untrusted, user/third-party responses to drive findings and next actions, so third‑party content can influence the agent's decisions.