webhook-security

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly accepts and parses incoming webhooks from third-party services (e.g., the Express '/webhooks' raw body route and createWebhookHandler for Stripe/GitHub/Twilio), ingesting untrusted external payloads into application logic.