github-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill receives and parses GitHub webhook payloads from the open web (e.g., POST /webhooks/github in examples/express/src/index.js and the SKILL.md examples), which are user-generated/untrusted and are explicitly used to drive handling logic (logs, TODOs for CI/CD, bot responses/command parsing) so those payloads could materially influence actions.