zhin-command-middleware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill processes incoming user-generated messages (e.g., reads message.$raw in middleware and routes user/group chat content to MessageCommand handlers), so it ingests untrusted third-party content (chat messages) that the agent will read and act on.