matrix-administration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (notably scripts/synapse-fetch-rooms.py, synapse-rate-rooms.py, synapse-search.py and synapse-graph.py) call the configured homeserver via admin_request/client_request (see scripts/_lib/admin_http.py) to fetch room state and user-generated messages and then parse/act on that data (ratings, graph rendering, and migration/deactivation decisions), so untrusted third‑party content from arbitrary Matrix homeservers directly influences tool behavior.