objectstack-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly describes and exemplifies calling and handling external HTTP endpoints and webhooks (e.g., the http_request node and Flow Example in SKILL.md, FlowNodeSchema's http_request/waitEventConfig for 'webhook', and references/webhook.zod.ts webhookReceiver and WaitResumePayload.webhookPayload) so the agent ingests untrusted third‑party webhook/API payloads which can be evaluated by decision/assignment nodes and thus materially influence subsequent actions.