devrev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to run DevRev actions (e.g., list-conversations, list-works, get-conversation) and to proxy arbitrary requests to the DevRev API via Membrane, which will fetch user-generated/untrusted conversation and work-item content that the agent is expected to read and could materially influence its actions.