websocket-realtime-builder

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — the skill's chat/notification system clearly ingests and displays arbitrary user-generated content via Socket.io events (server namespaces/chat.ts handles 'send-message' and emits 'new-message', and hooks/useChat.ts plus components/ChatRoom.ts render message.content and notifications), which exposes the agent to untrusted third-party content that could carry indirect prompt injection.