whatsapp-cloud-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's webhook workflow explicitly ingests and processes incoming WhatsApp messages and media from external users (see references/webhook-setup.md and the webhook handler in references/automation-patterns.md that reads value.messages and sends user text to the Claude API), meaning untrusted user-generated content is parsed and can directly influence AI calls, routing, and actions.