velt-notifications-best-practices

Warn

Audited by Snyk on May 12, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's agent-facing instructions and examples explicitly show ingesting and acting on user-generated notification content from Velt APIs and webhook payloads (e.g., https://api.velt.dev/v2/notifications/* and the webhook handler examples in rules/shared/delivery/delivery-webhooks.md and AGENTS.full.md), so the agent would read untrusted third-party (user) content and use it to drive actions like forwarding, navigation, or API calls.

Audit Metadata

Risk Level: MEDIUM
Analyzed: May 12, 2026, 07:39 PM
Issues: 1