n8n-expression-syntax

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's docs and examples (SKILL.md and EXAMPLES.md) explicitly instruct reading and using webhook body data ({{$json.body.*}}) and HTTP Request node responses (e.g., $node["HTTP Request"].json from OpenStreetMap / Weather API), which are untrusted user- or public-API content that the agent would parse and act on and thus could enable indirect prompt injection.