atscript-ui-wf
Warn
Audited by Snyk on May 13, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests third-party webhook payloads (references/outlets.md "Recipe — webhook callback flow" and server.md showing the callback that calls wfEngine.resume(handle, { input: payload })) and the workflow handlers read and act on that untrusted input (e.g., checking input.status in the finalize step), so external, potentially user-controlled data can materially influence workflow actions.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).