websocket-realtime

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill ingests and interprets untrusted user-generated content via WebSocket messages (ws.on("message") with JSON.parse and broadcastToRoom), Socket.io handlers (socket.on("chat:message") saving and emitting user text), and the SSE Redis subscriber (listener parsing JSON from redis), exposing the agent to third-party inputs that could carry indirect prompt injections.