start-core/middleware

Warn

Audited by Snyk on Jun 6, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). SKILL.md describes sendContext being produced by client-side middleware (createMiddleware({ type: 'function' }).client(...)) and then arriving on the server as context for the .server(...) phase. This is outsider-authored free text: it originates from the client (not chosen by the operating user) and is ingested into the LLM context via the server handler/middleware code path that logs or uses context.

Issues (1)

W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 6, 2026, 03:41 AM
Issues: 1