klaviyo-developer
Warn
Audited by Snyk on May 8, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). Flagged because scripts/dev_tools.py (test_webhook) and the related SKILL.md workflow explicitly send requests to arbitrary HTTPS webhook URLs, validated only to block local/private IPs, and return and interpret the endpoint's response_body. As a result, the agent fetches and reads untrusted third-party content supplied by arbitrary external endpoints during normal operation.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).