instantly-webhooks-events

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime webhook handler (app.post("/webhooks/instantly")) ingests Instantly webhook payloads including user-generated fields like reply_text and other event data, and those fields are explicitly processed by handlers (e.g., handleReply, handleUnsubscribe, handleBounce) to update CRMs, post Slack notifications, and call API actions—demonstrating ingestion of untrusted third‑party/user content that can influence downstream actions.