relay

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and normalizes inbound, user-generated messages and webhook payloads from public messaging platforms (see "Inbound Normalization" in references/channel-adapters.md and the webhook handler requirements in references/webhook-patterns.md), which the agent is expected to read/parse (command parsing, conversation state, routing) and which can control subsequent actions—so untrusted third-party content can materially influence behavior.