ai-agent

Warn

Audited by Snyk on Jun 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The required runtime path is the ai-agent actor’s queue ingestion: the operating user’s client sends { text, sender } via connection.send("message", ...), and the actor consumes it in run (for await (const queued of c.queue.iter())) and then includes it in the LLM prompt as part of c.state.messages. That text is user-authored free text, i.e., outsider content from the client side.

Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 16, 2026, 08:44 AM
Issues: 1