branch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run actions and proxy arbitrary requests against the Branch API via the Membrane CLI (see "Running actions" and "Proxy requests"), which pulls Branch data types like Announcements/Messages/Surveys that can be user-generated and would be read/interpreted by the agent and could therefore influence subsequent actions.