coze-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill directly fetches and ingests messages from the public Coze API (e.g., POST/GET to https://api.coze.cn/v3/chat, /v3/chat/message/list and the stream handling in scripts/coze_client.py and SKILL.md), and those assistant/user-generated messages are parsed and used in the workflow (stream_chat, chat_with_polling), so untrusted third-party content could contain instructions that influence subsequent behavior.