campaign-orchestrator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's webhook_handler.py directly ingests untrusted, user-generated Dialpad SMS webhook payloads (message text/from_number/contact) and uses that message content to match leads and terminate campaigns, so external messages are read and acted on as part of the workflow.