defastra

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using Membrane to run actions and proxy arbitrary requests to the Defastra API (see "Running actions" and "Proxy requests" sections with examples like membrane action run and membrane request CONNECTION_ID /path/to/endpoint), which will fetch user-generated third‑party content (issues, comments, worklogs) that the agent is expected to read and could materially influence subsequent tool use or decisions.