cometchat-android-v5-push

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests untrusted, user-generated content delivered via FCM push payloads (see onMessageReceived handling in §5 and the push payload schema in §6) and then parses those fields to drive behavior like deep-link navigation (§8), call handling (§14), and notification actions, so remote payloads can materially influence runtime decisions.