bookingmood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use Membrane to call Bookingmood APIs (e.g., "list-booking-details", "list-calendar-event-notes", and "membrane request"), which fetch guest-submitted booking data and notes from the third-party Bookingmood service—untrusted/user-generated content that the agent would read and could influence subsequent actions.