rails-action-cable

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill processes arbitrary user-generated messages over Action Cable WebSocket streams (e.g., ChatChannel.receive/send_message and the client received(data) handlers in references/examples.md and references/client-side-integration.md that stream from "chat_lobby" and append data.body), so it clearly ingests untrusted third‑party content at runtime.