clerk-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly receives and parses external webhook payloads from Clerk/Svix at the /webhooks/clerk endpoint (see examples/express/src/index.js, examples/fastapi/main.py, examples/nextjs/app/webhooks/clerk/route.ts and SKILL.md), so untrusted third-party/user-generated event data is ingested and used to drive handling logic.