booking-notify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests user-generated booking data from the Cal.com API and webhook relay (see "Fetches bookings from Cal.com API" in SKILL.md and the webhook-relay deployment/POST examples in references/webhook-relay.md), so untrusted third-party content is read at runtime and used to drive notifications and workflow decisions.