zap-webhooks-routing-and-verification

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes incoming HTTP webhook payloads from external sources (see router.register handlers like "github/push" and the adapter's toNormalizedRequest reading req.text()/rawBody in SKILL.md), which are untrusted third-party content that can directly influence handler behavior.