yjs-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflows create and use network providers (e.g., y-websocket with server URL in rules/providers/provider-websocket.md, y-webrtc with public signaling servers like "wss://signaling.yjs.dev" in rules/providers/provider-webrtc.md, and CustomProvider message handlers in rules/providers/provider-custom.md) that ingest and apply arbitrary remote/user-generated updates/awareness states as part of normal operation, so untrusted third-party content is fetched and read and can materially change agent behavior.