x-request

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's documentation and required workflow (e.g., SKILL.md "Basic Configuration" and "Usage Scenarios" showing XRequest("https://api.example.com/chat") and the testRequest to https://httpbin.org/post, plus reference examples for transformStream parsing OpenAI/other provider streams and integration with x-chat-provider/use-x-chat) explicitly instruct the agent to fetch and interpret live, untrusted third-party API/web responses and use them as messages/callbacks, which can materially influence subsequent actions.