webhook-template-builder

Warn

Audited by Snyk on May 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's build flow explicitly runs WebSearch and WebFetch against destination API/docs (see "Step 1: Identify Destination" and "Step 2: Fetch Destination Docs") and then parses that third‑party content to infer headers/payload/auth and to draft executable templates (Steps 4–6), so untrusted public webpages can materially influence code generation and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill performs runtime WebFetch of destination API docs (e.g., a user-supplied docs URL such as https://api.qualtrics.com/...) and uses the fetched content to infer payloads and draft template source that is then executed via the platform's /test endpoint, so remote content can directly control generated code and prompts.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 1, 2026, 05:39 PM
Issues: 2