craftcms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Proxy requests" and action-run sections show the agent will query arbitrary endpoints and run actions against external CraftCMS instances via Membrane, meaning it will fetch and interpret potentially untrusted CMS entries/assets (third‑party/user‑generated content) that can influence subsequent actions.