carbone

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly allows fetching and proxying arbitrary Carbone API endpoints (e.g., "membrane request CONNECTION_ID /path/to/endpoint") and includes actions that download templates and rendered documents ("get-template", "download-rendered-document"), which cause the agent to ingest third‑party templates/documents (potentially user-generated) that could contain instructions affecting subsequent actions.