chat-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — SKILL.md demonstrates handlers (e.g., bot.onNewMention and bot.onSubscribedMessage) that consume message.text from external chat adapters (Slack/Discord/Telegram/etc.) and directly pass it into agent.stream as a prompt (see the code snippet in SKILL.md), so arbitrary user-generated content from those platforms can influence agent behavior.