agent-access-control
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests and processes untrusted user-generated messages from public messaging platforms (WhatsApp/Telegram/Discord/Signal) as shown in SKILL.md "Message Handling Flow" where it extracts sender IDs, stores the message "firstMessage" in pendingApprovals, and notifies the owner with the first 100 chars — content that can influence approval decisions and subsequent agent privileges.