chatwoot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows runtime calls to Chatwoot cloud (e.g., "List Conversations" and "Get Conversation Details" via https://app.chatwoot.com/api/v1/... which return message content and conversation data from customers), meaning the agent will fetch and read user-generated, untrusted third-party content that can directly influence actions like sending messages, assigning conversations, or changing status.