brevo-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md mandates calling BREVO_LIST_EMAIL_CAMPAIGNS and BREVO_GET_ALL_EMAIL_TEMPLATES and accepts htmlContent/htmlUrl (a URL to HTML content), so the agent will fetch and parse user-generated/third-party HTML from Brevo or arbitrary URLs as part of its workflow, which could contain instructions that influence subsequent actions.