azure-communication-chat-java

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Get Messages" section shows the agent calling threadClient.listMessages() and accessing message.getContent() (user-generated chat messages) and other sections show sending/updating messages, so the skill clearly ingests and acts on untrusted chat content from third-party users in threads which could influence agent behavior.