upstash-qstash

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly handles "webhook-delivery" and "scheduled-http-calls" (HTTP in/HTTP out) and discusses verifying QStash message signatures, which means it consumes and processes arbitrary user-provided payloads from external endpoints (webhooks/URLs) that are untrusted third-party content.