alttextai

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lists a "Scrape Page for Images" action and documents running Membrane actions (membrane action run ... --input ...) which indicates the skill will fetch and ingest arbitrary public web pages/URLs and use that page content as input for generating alt text or other actions, exposing the agent to untrusted third‑party content.