basin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using Membrane to run actions like "list-submissions" and "get-submission" and to proxy arbitrary Basin API requests (e.g., membrane request CONNECTION_ID /path/to/endpoint), which fetch user-generated form submissions from the public Basin service that the agent would read and act on.