ably

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent subscribing to and reading Ably channel messages and history (e.g., channel.subscribe(...), channel.history(...), presence.subscribe(...)), which ingests untrusted, user-generated content from public channels that can drive publishing, UI updates, and other actions—creating a clear vector for indirect prompt injection.