callfire

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches user-generated content from the CallFire API (e.g., actions like "list-texts"/"get-text" and the Membrane proxy call membrane request CONNECTION_ID /path/to/endpoint described in SKILL.md), which the agent is expected to read and can materially influence subsequent actions (send-texts, create-contacts, etc.), so untrusted third‑party content could provide indirect instruction.