elevenlabs-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill accepts and parses webhook payloads from the external ElevenLabs service (e.g., POST /webhooks/elevenlabs in examples/express/src/index.js and examples/fastapi/main.py) which include user-generated content such as call transcripts (event.data.transcript.text) that the agent is expected to read and process, so it clearly ingests untrusted third‑party content.