booking-notify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches bookings from the Cal.com API ("Sync Behavior" in SKILL.md) and accepts Cal.com webhook payloads (references/webhook-relay.md), both of which contain user-generated/untrusted booking fields (names, notes, event data) that the agent reads and uses to decide and send Telegram/Pushover notifications, so third‑party content can materially influence its actions.