charisma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md directs the agent to use the Membrane CLI to call Charisma APIs (e.g., membrane action list, membrane action run, and membrane request) which will fetch user-generated Charisma story/character content from a third-party service that the agent is expected to read and act on, so untrusted third‑party content could inject instructions.