n8n-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md includes functions (notably testWebhookAuthentication and testWebhookInputValidation) that call fetch(webhookUrl) and read response status/body from arbitrary webhook URLs, meaning the agent fetches and interprets untrusted third‑party responses as part of its decision-making and recommendations.