webhook-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly ingests and processes incoming webhook payloads from external platforms (e.g., Shopify, Stripe, WooCommerce) as shown in SKILL.md (see app/api/webhooks/shopify/route.ts and the platform-specific setup sections), meaning untrusted third-party content is parsed and used to drive application actions.