Skills
skills/jeremylongshore/claude-code-plugins-plus-skills/documenso-webhooks-events/Snyk

documenso-webhooks-events

Warn

Audited by Snyk on Mar 13, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The SKILL.md clearly defines a webhook endpoint (app.post("/webhooks/documenso") in "Step 2: Implement Webhook Endpoint") that ingests JSON payloads from external Documenso webhooks and the event handlers (e.g., onDocumentCompleted, onDocumentSigned) parse and act on that user-controlled payload (downloading documents, updating DB, triggering workflows), so untrusted third-party content can materially influence behavior.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 13, 2026, 11:53 AM
Issues
1