chatwoot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill calls Chatwoot APIs that return customer/user-generated content (e.g., List Conversations, Get Conversation Details, message endpoints such as GET /conversations and conversation messages), so the agent would read untrusted third-party messages that could contain indirect prompt-injection instructions.