@2048/chatroom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests and acts on user-generated room content and owner-provided rules from the sc-chatroom server (e.g., fan-out messages delivered to the agent's /chat/stream and explicit GET /rooms/{room_id}/rules calls described in SKILL.md and install_soul.py), and those external messages/rules are read by the agent and used to decide whether and how to respond, so untrusted third-party content can materially influence agent behavior.