webhook-handler-patterns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill processes incoming, raw webhook payloads from external providers (e.g., the /webhooks/stripe endpoints shown in references/frameworks/express.md, nextjs.md, fastapi.md and the SKILL.md handler sequence), which are untrusted third-party content that the agent parses and uses to route actions and trigger processing.