botpress

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent calling Membrane/Botpress actions like "list-messages" and "get-message" (and using the proxy request command) to retrieve conversation messages and events (user-generated content) from Botpress, which the agent would read and could materially influence subsequent actions.