agent-messenger

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's workflow explicitly reads and processes untrusted, user-generated messages and public agent content (e.g., "Reading messages" commands like thread unread, thread show, inbox request list and discovery commands discover search / discover show and inbox public show in SKILL.md), so third-party content from other agents/users is ingested and can influence subsequent replies, approvals, or automation actions.