webhook-handler-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and parses raw HTTP webhook payloads from external providers (e.g., /webhooks/stripe, /webhooks/github, /webhooks/shopify shown in references/frameworks/express.md, nextjs.md, and fastapi.md), which are untrusted third‑party inputs that the agent reads and interprets as part of its workflow.