scf-worker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests and processes untrusted user-generated inputs via COS callbacks and external webhooks (see scf/cos-callback/index.js and the webhook-forward functions/triggers), parsing those payloads and using them to drive database writes, retries, dead-letter handling and downstream events, so third-party content can materially influence agent actions.