imessage

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows the agent directly ingesting and acting on user-generated iMessage content (e.g., sdk.on('new-message' ...) that reads message.text and feeds it into processing/LLM flows) and also exposes messages via Photon Webhook, MCP tools, and the HTTP proxy—clear sources of untrusted third-party input that can influence tool use and decisions.