workflow-devkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill accepts and processes arbitrary external inputs (untrusted, user-generated) via webhooks and hook resume endpoints—e.g., createWebhook()/webhook handling in patterns.md and the POST_actor_event / actorHook.resume API route in templates/api-routes.ts—which the workflows/agents read and act on, exposing the agent to indirect prompt injection.