xmtp-agent

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The bridge explicitly streams incoming messages from any XMTP user via "xmtp conversations stream-all-messages" and passes the raw "content" field into the agent backend (see Step 2 and "Choosing a Backend"), meaning untrusted, user-generated third-party messages are read by the agent and can influence tools/actions.