imsg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly reads and watches Messages.app chats and message history (see "List Chats", "View History", "Watch for New Messages" and the example workflow in SKILL.md), which are untrusted, user‑generated third‑party messages that the agent is expected to interpret and that could materially influence subsequent actions.