server-side-tracking
Warn
Audited by Snyk on May 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's /collect endpoint (see scripts/process.py collect_event and the example event in SKILL.md) ingests JSON event payloads from client browsers (untrusted user-generated input) and directly uses consent_state and event_params to decide routing to third-party endpoints (GA4/Google Ads/Meta), so arbitrary external content can materially influence forwarding behavior.
Issues (1)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).