n8n-daily-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (SKILL.md) ingests untrusted third-party content via a webhook and external APIs—e.g., OpenWeatherMap and Procore ({{$env.PROCORE_API}}) for site photos—and then directly uses fields like distribution_list/project_name to decide recipients and upload targets, so that arbitrary external/user-generated content can materially influence actions.