documenso-debug-bundle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's scripts (e.g., scripts/inspect-document.ts and scripts/documenso-diagnostic.ts plus the curl examples) fetch and log documents from the Documenso API (https://app.documenso.com) and scripts/test-webhook.ts parses arbitrary incoming webhook payloads, meaning untrusted/user-generated content is ingested and could influence behavior.