Relay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and normalizes inbound messages from external platforms (see SKILL.md LISTEN phase and references/channel-adapters.md SlackNormalizer) and parses/acts on user-generated content (see references/bot-framework.md command parser and ConversationManager), so untrusted third‑party messages can influence routing and handler actions.