easycalendar

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to fetch and act on data from the external EasyCalendar API (see "Proxy requests" — membrane request CONNECTION_ID /path/to/endpoint and the membrane action run workflows), which will contain third‑party/user-generated calendar data that the agent reads and can drive subsequent actions, exposing it to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the external Membrane CLI (npm install -g @membranehq/cli — https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code at runtime and is relied on as a required dependency, so it presents execution risk.