velt-notifications-best-practices

Warn

Audited by Snyk on Mar 14, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests user-generated notification content via Velt REST APIs (e.g., https://api.velt.dev/v2/notifications/get and /add in rules/shared/data/data-rest-api.md) and via webhooks (rules/shared/delivery/delivery-webhooks.md and AGENTS.full.md). It also demonstrates using fields such as notificationSourceData.url and displayBodyMessage to drive navigation and external actions (router.push, forwarding to Slack/Linear), so untrusted third-party content can materially influence agent behavior.

Issues (1)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 14, 2026, 04:16 AM
Issues: 1