openai-chatkit-backend-python

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill’s backend explicitly accepts and parses arbitrary user messages and uploaded files via the /chatkit/api and /chatkit/api/upload endpoints (e.g., reading request.json user message content and file uploads) which are untrusted, user-generated inputs that the Agents SDK is expected to read and act on, enabling potential indirect prompt injection.