line-platform

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs building a chatbot that receives and processes LINE webhook events (see "Creating a Chatbot" in SKILL.md and the webhook Event Object in references/messaging-api.md), which ingests arbitrary user-generated messages from external LINE users that can directly influence bot actions and follow-up tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The LIFF starter HTML loads and executes the remote LIFF SDK at https://static.line-scdn.net/liff/edge/versions/2.22.3/sdk.js at runtime, which executes remote code and is a required dependency for the LIFF workflow.