migrating-to-workflow-sdk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's migration guidance requires using createWebhook() / webhook.url and awaiting external requests (e.g., "const request = await approval; const body = (await request.json())" in references/shared-patterns.md and references/aws-step-functions.md), which clearly ingests untrusted third-party webhook payloads that directly influence workflow decisions.