automate-whatsapp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly lets agent nodes call arbitrary external HTTP endpoints and third‑party apps (see references/node-types.md "flow_agent_webhooks" with a configurable "url" and references/app-integrations.md / scripts for creating integrations to Slack/HubSpot/Sheets), and those tool responses are consumed by agent tools/functions and can influence routing/decisions in workflows—exposing the agent to untrusted third‑party content that could inject instructions.