flow-cli

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly ingests untrusted external content via webhook and polled "source" bindings (see references/docs/workflow-authoring/triggers-sources-and-inputs.md and the webhook/source examples such as references/docs/examples/workflows/codex-review-loop.yaml), and those trigger payload fields are injected into stage prompts and continuation logic, so arbitrary third-party/user-generated data can directly influence runtime decisions and actions.