convex

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests and processes external Polar webhook payloads (see references/features/auth-polar.md: webhooks({ ... onCustomerCreated/onSubscriptionCreated/onSubscriptionUpdated }) and the createSubscription/updateSubscription handlers) which are untrusted third-party data that the agent reads and acts on to create/update subscriptions and trigger internal callers, so external content can materially influence behavior.