backend-websocket

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill directly accepts and parses arbitrary user-sent WebSocket messages (see apps/backend/src/routes/websocket/chat.ts's ctx.websocket.on('message') and the wsAuth middleware's initial ctx.websocket.once('message')), so it ingests untrusted, user-generated content that the agent will read/interpret.