webflow-local-dev-loop

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Step 6 ("Webhook Testing with ngrok") explicitly instructs registering a Webflow webhook URL so that public, user-submitted "form_submission" payloads are POSTed to the local /webhooks/webflow endpoint (part of the required dev workflow), which the server is expected to receive and process, creating a clear path for untrusted third-party content to influence behavior.