pachca-chats

The export workflow is legitimate but carries notable data-exposure risk due to external webhook destinations. Improvements should include webhook request validation, payload signing, nonce usage, domain allowlisting, per-export access tokens, and robust auditing. Ensure secure transport and encryption for both webhook communications and the exported data, plus strict access control and error handling to prevent misassociation or unauthorized downloads.