supabase-dev-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Edge Functions (e.g., supabase/functions/stripe-webhook and supabase/functions/contribute-thread-process) accept and process external webhook/request bodies and call extractThreadMetadata and RPCs, which means it ingests untrusted, user-provided third-party content as part of its runtime workflow.