gitlab-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill defines a public webhook endpoint (POST /webhooks/gitlab) that ingests and parses JSON payloads sent by GitLab projects/users (see examples/express/src/index.js, examples/fastapi/main.py, examples/nextjs/app/webhooks/gitlab/route.ts and SKILL.md), meaning untrusted, user-generated third‑party content is read and used to drive handling logic.