46elks
Warn
Audited by Snyk on Mar 4, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs using Membrane to call 46elks endpoints (e.g., "Get SMS", "List SMS", "Get MMS" and the "membrane request" proxy) which will ingest user-generated SMS/MMS from the external 46elks service, so the agent would read untrusted third-party content that could contain instructions affecting subsequent actions.
Audit Metadata