railway-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill shows runtime ingestion of untrusted, user-generated third-party content — notably GitHub webhook payloads in the webhook handler (app.post('/webhook/github', ... / req.body) and PR preview usage of github.event.pull_request.number) and health checks/curl against arbitrary deployed URLs ($DEPLOY_URL/health or $SERVICE_URL/health) — which the agent would read and act on as part of workflows.