platform-core

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests untrusted inbound IM/webhook messages (see Environment Detection: AITER_REPLY_CONTEXT and the Messaging section with aiter message connect/add-route and "inbound messages → project terminals"), and those messages can be routed to terminals or cause replies/actions, so third-party content can influence tool use and enable indirect prompt injection.