setup-webhook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references/webhook-events.md show the webhook handling inbound, user-generated content (e.g., "transcript", "assistant-request", and "tool-calls" events carrying caller transcripts, customer data, and toolCall arguments) which the agent is expected to read and which can directly alter assistant configuration and tool execution.