novu-dashboard-workflows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's HTTP Request step (references/http-request-step.md and SKILL.md) explicitly calls external APIs/webhooks (including arbitrary/template URLs like "{{payload.webhookUrl}}") and documents that subsequent steps and templates (e.g., email-step.md) may read and act on those response fields, exposing the agent to untrusted third-party content that can influence decisions and next actions.