vercel-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill ingests HTTP webhook payloads from the third‑party Vercel service at the /webhooks/vercel endpoint (see examples/express/src/index.js and examples/fastapi/main.py), and it parses and logs user-provided fields such as commit messages, URLs and other payload data—i.e., untrusted, user-originated content is read and interpreted as part of its workflow.