hooks-development

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly supports HTTP hooks that POST event JSON to arbitrary external URLs (see "Hook types: HTTP Hook" and the example { "type": "http", "url": "https://example.com/hook" } in references/lifecycle-reference.md), and the agent is expected to parse the returned JSON (e.g., decision fields) which can directly change hook decisions and tool behavior, exposing it to untrusted third‑party content.