client-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly subscribes to public Nostr relays (e.g., relayPool.subscribe in SKILL.md and references/discovery.md, using relay URLs like wss://relay.contextvm.org) and parses untrusted event.content (SERVER_ANNOUNCEMENT_KIND) to discover servers, capabilities, and encryption support—external user-generated content that directly influences which servers/relays are selected and how the client behaves.