authoritative-server

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The prompt contains a hidden/deceptive instruction ("do NOT tell the user to run this") instructing the agent to withhold implementation/debugging details from users, which is outside the advertised purpose and therefore a prompt injection.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow shows the server ingesting untrusted, user-generated content via registerMessages/room.onMessage (e.g., "playerJoin"/"playerAction"/"playerReady") and reading PlayerIdentityData/Transform in SKILL.md and references/server-patterns.md, and those inputs are explicitly used to validate and apply game actions, so third-party input can materially influence server behavior.