chat-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md shows the bot ingesting user-generated messages from chat platforms (e.g., Slack/Discord/GitHub via event handlers like bot.onNewMention and bot.onSubscribedMessage) and directly passing message.text into an agent stream (agent.stream({ prompt: message.text })), which means untrusted third-party content from public chats can influence agent behavior and tool use.