implementing-scim-provisioning

Warn

Audited by Snyk on Apr 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill explicitly ingests and acts on external, potentially untrusted data from Scalekit's Directory API (Step 4: listDirectoryUsers/listDirectoryGroups) and from real-time webhook payloads (Step 5: /webhooks/scalekit; Step 6: event handler). This data is parsed and used to drive create/update/deactivate logic, so it can materially influence behavior despite the recommended signature checks.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 19, 2026, 04:06 AM
Issues: 1