chatwoot-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs agents to fetch and read user-generated Chatwoot conversations (e.g., "Use when the user wants to read, summarize, or act on Chatwoot conversations" and commands like conv <id> messages, convs --query, and the "Common Patterns" examples in SKILL.md), which are untrusted third-party content and can directly influence follow-up actions such as replies, assignments, and resolves.