upstash-qstash-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's docs and examples show publishing to arbitrary external URLs and processing their responses (see advanced/callbacks.md which includes callback payloads with base64-encoded response bodies and advanced/dlq.md which instructs listing DLQ messages and decoding responseBody/responseBodyBase64), so the agent and user code are expected to ingest untrusted third-party HTTP responses that could influence follow-up actions.