upstash-workflow-js

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime APIs explicitly perform and consume external HTTP/webhook content (e.g., basics/context.md's context.call that requests arbitrary URLs and features/webhooks.md's context.createWebhook / waitForWebhook which parse req.json() and drive workflow logic), so untrusted third‑party payloads can be ingested and materially influence workflow decisions.