contact-center

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The web integration docs (web/SKILL.md, web/concepts/lifecycle-and-events.md, and web/examples/app-context-and-state.md) explicitly require loading external campaign SDK scripts and Smart Embed iframes and handling zoomCampaignSdk/postMessage events and fetched campaign metadata from third-party sites, which are untrusted inputs that can drive actions like open/show/endChat and thus could carry indirect prompt-injection instructions influencing runtime behavior.