calcom

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md's "Running actions" and "Proxy requests" sections instruct the agent to use Membrane to fetch and run actions against the Cal.com API (e.g., list-bookings, get-event-type, membrane request), which returns user-generated/public booking and event content that the agent must read and could influence subsequent actions.