chaindesk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly describes ingesting and querying external, user-generated or public web content—e.g., "Create Web Site Datasource" and "Create Web Page Datasource" plus "Get Conversation Messages" and Membrane proxy requests—so the agent will fetch and read untrusted third-party pages and messages that could contain instructions influencing its actions.