websocket-engineer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly parses and acts on untrusted, user-generated real-time messages from external clients (see ws.on('message' / JSON parsing and handleMessage, the RealtimeClient onmessage handler, and SSE event handlers), which the server uses to drive actions like join-room, send_message, broadcasts, and Redis publishes — enabling third-party content to influence behavior.