dbos-typescript

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's instructions (e.g., SKILL.md and references/step-basics.md and comm-*.md) explicitly show workflows/steps calling external APIs (e.g., DBOS.runStep(() => fetch("https://api.example.com")...), DBOS.recv from webhooks, and DBOSClient.readStream/DBOS.getEvent) so the runtime clearly ingests untrusted, user-provided third‑party content which can influence workflow decisions and subsequent actions.