n8n-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill autonomously fetches and inspects responses from arbitrary webhookUrl endpoints (see testWebhookAuthentication and testWebhookInputValidation in SKILL.md), meaning it ingests untrusted third‑party HTTP content and uses the response body/status to make testing decisions and recommendations, which could enable indirect prompt injection.