ag2-network-governance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly ingests and acts on user-generated channel "envelopes" (e.g., expectation evaluators that inspect ctx.wal like the TooManyMessagesEvaluator, HubListener hooks such as on_envelope_posted, hub.read_wal, and the arbiter's authorize_send which receives envelope content) and those components can trigger denials, auto-closes, audits, or routing changes based on that untrusted third-party content.