twilio-sendgrid-webhooks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md webhook handler explicitly parses SendGrid Event Webhook POSTs (batched arrays) — including fields like event.reason that "originate from external mail servers" — and uses them in event handling and downstream actions (e.g., bounce/suppression workflows), so untrusted third-party content is ingested and can influence behavior.