4demit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Yes — SKILL.md explicitly directs the agent to use the Membrane CLI to run actions and proxy requests against the 4dem.It API (see "membrane action run ..." and "membrane request CONNECTION_ID /path/to/endpoint"), which causes the agent to fetch and interpret potentially untrusted, user-generated records (tickets/comments/users) from a third-party service that can influence subsequent actions.