calendly-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and processes untrusted, user-generated content from third-party Calendly endpoints (e.g., webhook payloads and API calls such as /scheduled_events, /invitees, /routing_form_submissions and event_type/question-and-answer fields) and directly reads/interprets that content for workflows like Slack notifications and handlers.