marketplace-order-hook

Warn

Audited by Snyk on Mar 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md shows that the integration receives webhook POSTs to your /vtex/order-hook and polls VTEX endpoints (GET /api/orders/feed and GET /api/oms/pvt/orders/{orderId}). It therefore ingests user-generated order data from third-party VTEX servers, which the agent reads and acts on (e.g., creating fulfillment tasks), so external content can materially influence its behavior.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Mar 18, 2026, 09:34 PM
  • Issues: 1