socket-io

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows runtime code that directly ingests and displays arbitrary user-generated content from network peers (e.g., socket.on('message', ...), socket.on('message:new', ...') in Chat.tsx and server handlers like 'save:data' and 'room:join' in the server examples), so untrusted third-party input can be interpreted and drive actions.