loom-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly receives and processes arbitrary external webhook payloads at the /webhooks receiver (app.post("/webhooks", express.raw(...))) and sends HTTP requests to customer-specified endpoint URLs via fetch(delivery.url), meaning untrusted third-party content is ingested and used to select handlers, retries, and other actions in the workflow.