blink-backend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly states the backend is for "webhooks, ... third-party callbacks" and the required entry point shows endpoints that parse incoming JSON (backend/index.ts app.post ... const body = await c.req.json()), meaning the skill ingests untrusted third‑party request content that could influence runtime behavior.