personize-signal

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests external webhook payloads in the CONNECT section (WebhookSource mounted at '/webhooks/signal' with a parser in SKILL.md), and those arbitrary third‑party requests are fed into the Signal engine and AI decisioning (trigger/workflow), so untrusted content can materially influence actions and generated messages.