chatfuel

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly allows calling arbitrary Chatfuel API endpoints via "membrane request" and uses action list/run outputs, meaning the agent will ingest responses from a third-party service (Chatfuel) that can contain user-generated/untrusted content (messages, blocks, attributes) which can influence which actions the agent performs.