upstash-workflow-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and acts on arbitrary external content — e.g., basics/context.md's context.call (calls arbitrary URLs), features/webhooks.md's context.waitForWebhook (parses external webhook request bodies), and agents.md's wikiTool/researcher agent (queries public Wikipedia) — and the workflow examples show that retrieved third‑party payloads/documents are read and used to drive agent decisions and tool calls, so untrusted web content could indirectly inject instructions.