velt-rest-apis-best-practices

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly directs agents to handle Velt REST API comment endpoints and inbound webhook events (see SKILL.md and AGENTS.full.md — Webhooks / webhooks-basic.md and webhooks-advanced.md), which ingest user-generated comment/huddle/CRDT payloads from third parties that the agent is expected to parse and act on, so untrusted content could influence subsequent tool use or decisions.