hookdeck-event-gateway

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows Hookdeck ingesting webhooks from external providers (e.g., Stripe, GitHub, Shopify) and forwards those untrusted, user/provider-generated payloads to your app where the examples parse and act on req.body (e.g., updateSubscription, sendConfirmationEmail), so third-party content is read and can materially influence actions.