beeple

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md instructs the agent to run Membrane commands like "membrane action list" and "membrane request" which fetch data and action/input schemas from the Beeple API (third‑party user-generated NFT/content), and the agent is expected to read and use those responses to decide next actions—exposing it to untrusted external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs running the Membrane CLI via npm/npx (package @membranehq/cli — e.g. https://www.npmjs.com/package/@membranehq/cli), which fetches remote code at runtime and executes it as a required dependency.