instantly-security-basics

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill clearly ingests and acts on untrusted third-party content from Instantly (see "Step 4: Webhook Security" where req.body.data is processed via handleWebhookEvent, and the API/audit-log calls in Steps 5–6), so webhook/API-provided user data could influence subsequent actions.