webhook-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill receives and processes untrusted, user-generated inbound messages sent to the configured webhook URL (e.g., /webhooks/zavu) via Zavu "message.inbound" events (see SKILL.md TypeScript/Python webhook handlers that parse event.data.text and call processEvent), so third-party content is ingested and can influence processing/behavior.