whatsapp-flows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests untrusted user-generated WhatsApp content as part of normal operation (e.g., the data endpoint handler reads body.data_exchange.data and scripts like list-flow-responses.js and list-function-logs.js expose stored user responses/logs), so an agent that reads or interprets those could be exposed to indirect prompt injection.