booking-notify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md and references/webhook-relay.md explicitly describe fetching bookings from the public Cal.com API and accepting webhook payloads (user-generated booking data) which the skill parses to detect new/cancelled/rescheduled events and drive notifications/priorities, so untrusted third‑party content is ingested and can influence behavior.