bun-websocket-server

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill directly ingests untrusted user-generated content via its WebSocket handlers (e.g., the message(ws, message) examples and fetch handlers that read req.url/searchParams) and then acts on that content (ws.publish/server.publish, broadcasts, subscriptions), so third-party messages can materially influence behavior.