docusign

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly lets the agent fetch and read DocuSign user content via actions like "Download Document", "Get Envelope Form Data", and the "Proxy requests" flow through Membrane, meaning the agent will ingest arbitrary, user-created third‑party documents that could contain instructions influencing its next actions.