documenso-webhooks-events

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill registers a /webhooks/documenso endpoint (see "Step 2: Webhook Handler (Express)" and related code) that ingests Documenso webhook POSTs containing user-provided fields (title, recipients, payload) and then reads and acts on that data (download/store documents, trigger workflows), so untrusted third-party content can materially influence agent behavior.