upstash-qstash

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows runtime handlers that ingest and act on responses from public endpoints—e.g., the "Callback for Delivery Status" handler processes data.body and updates state (markTaskComplete), and the "URL groups" / "Audit URL groups" examples perform fetch requests to arbitrary endpoint URLs—meaning untrusted third-party content can be read and materially influence actions.