0codekit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly exposes many public third-party connectors (e.g., WordPress blogs, Twitter/Tweets, Mastodon posts, Slack/Discord messages) and documents using Membrane proxy requests (membrane request CONNECTION_ID /path/to/endpoint) and action runs to fetch and operate on that data, meaning the agent will read untrusted user-generated content that can influence its actions.