api-integration-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill ingests external, potentially untrusted content by reading and processing incoming webhooks (e.g., WebhookHandler.Handle reading provider payloads for "slack" and "quickbooks") and by polling/fetching provider APIs (e.g., Poll calling m.api.GetChangesSince and recorded real API responses via go-vcr), so the agent will read/interprete third-party user-generated or public API data at runtime.