zitadel-knowledge-patch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation (references/actions-v2.md and SKILL.md) explicitly documents Actions V2 webhook/call targets that fetch arbitrary external endpoints and process their response bodies to modify requests, append claims/metadata, or forward errors—i.e., the agent/system ingests untrusted third‑party HTTP responses as part of its runtime workflow.