chatwork

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents actions like "List Messages" and "Get Message" that fetch user-generated Chatwork messages via the Membrane connection (and also allows arbitrary proxy requests via membrane request), so the agent would ingest untrusted third‑party chat content that could contain instructions influencing subsequent actions.