chatwoot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly uses Membrane to proxy requests to a Chatwoot instance (see "Proxy requests" and the Conversation/Message overview in SKILL.md, e.g., membrane request CONNECTION_ID /path/to/endpoint), which will return user-generated/untrusted conversation messages that the agent is expected to read and act on, allowing third-party content to influence actions.