inngest-middleware

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-provided content in its runtime workflow (e.g., the "ai-summary" function in SKILL.md / references/dependency-injection.md reads event.data.content from the "document/uploaded" event and passes it to OpenAI), so untrusted third-party/user-generated content can influence model calls and downstream actions.