implementing-admin-portal-scim

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill embeds a third-party Scalekit portal (src = https://.scalekit.com / generated portal link) and explicitly listens for and acts on postMessage events from that iframe (Step 4–6), so external/untrusted portal content or anyone with a shareable link can influence agent behavior.