agave

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly enables the agent to fetch and read arbitrary content from a third‑party Agave instance via Membrane (see "Proxy requests" with the example membrane request CONNECTION_ID /path/to/endpoint and the "Files -> File Content" references), which can include user-generated/untrusted data that the agent would read and could materially influence subsequent actions.