constructive

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly accepts arbitrary HTTP/webhook payloads in cloud functions (see references/cloud-functions.md: "Function handler pattern" and "Direct Database Access" where params (e.g., params.query) from incoming requests are executed against the database), so untrusted third‑party content can be ingested and directly influence tool actions.