matrix-communication

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill's scripts and docs (e.g., matrix-read-e2ee.py, matrix-download-e2ee.py, SKILL.md and e2ee-guide.md) explicitly fetch and decrypt user-generated Matrix room messages and media (and poll /tmp/matrix_verification_emojis.txt for verification emojis) which the agent is expected to read/interpret and can drive follow-up actions (replies, reactions, key-fetching), exposing it to untrusted third‑party content that could carry indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill's health-check can auto-install required E2EE dependencies by running pip install matrix-nio[e2e], which fetches and executes remote code from PyPI (e.g. https://pypi.org/project/matrix-nio/) and the E2EE scripts rely on that dependency at runtime.