sap-btp-build-work-zone-advanced

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's docs (e.g., references/chatbots.md and references/api-reference.md) explicitly describe ingesting external webhook payloads (https:///api/v2/ai/webhook) and UI card data via runtime destinations/OData URLs (card manifests and templates) where untrusted third‑party or user‑generated content can carry "action": "perform_actions" (create_workspace, ui5_card) and thus directly drive platform actions and decision-making.