system-architecture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly accepts external webhook requests ("External service posts to /webhooks/:provider" routed via Caddy/Tailscale Funnel to the worker's /webhooks handler) and ingests those untrusted third-party payloads which are normalized and emitted as Inngest events that can trigger functions and influence agent actions.