qe-n8n-security-testing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md contains explicit routines (e.g., testWebhookAuthentication and testWebhookInputValidation) that perform fetch() calls to arbitrary webhookUrl endpoints and read/interpret response bodies/statuses from those external URLs, which are untrusted third‑party content used to determine test results and recommendations.