websockets

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's WebSocket gateway handlers (e.g., @SubscribeMessage('message'), 'chatMessage', 'joinRoom' and the Client-Side Example using socket.emit) accept arbitrary Socket.io/WebSocket messages from external clients, and the gateway code reads and acts on that untrusted user-generated content (joining rooms, broadcasting, private emits), so third-party content can materially influence runtime behavior.