relay

Warn

Audited by Snyk on May 8, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and normalizes inbound messages from third-party messaging platforms (e.g., SKILL.md core contract and recipes, plus references/channel-adapters.md and references/bot-framework.md). These messages (Slack/Discord/Telegram/WhatsApp/LINE webhooks and events) are untrusted, user-generated input that the agent is required to read and that can drive command parsing and downstream actions, which exposes it to indirect prompt-injection risk.

Issues (1)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 8, 2026, 11:24 AM
Issues: 1