baserow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md shows the agent running Membrane actions (e.g., list-rows, get-row) and arbitrary proxy requests via "membrane request CONNECTION_ID /path/to/endpoint", which causes the agent to fetch and interpret user-provided Baserow data (third-party/user-generated content) as part of its workflow and could therefore influence subsequent actions.