webhook-tester

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill runs generic webhook endpoints (e.g., /webhooks/:service, webhook receivers and the webhook-cli logger), and references tools like webhook.site and public tunneling services (ngrok/cloudflared/localtunnel) which expose and ingest arbitrary public webhook payloads and thus cause the agent to read untrusted, user-generated third-party content.