==== Chaining of vulnerabilities

Triggering arbitrary workflows can lead to problems ranging from a denial of
service to worse, depending on how the webhook's data is handled. If the
webhook performs a specific action that is affected by a vulnerability, the
webhook acts as a remote attack vector on the enterprise.

Components affected by this webhook could, for example, experience unexpected
failures or excessive resource consumption. If it is a single point of failure
(SPOF), this leak is critical.