favro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly fetches Favro data (e.g., via "membrane action run" for list-comments/list-cards and the "membrane request" proxy) which is user-generated/untrusted content from a third-party service and the agent is expected to read/act on that content per SKILL.md, so those external comments/cards could inject instructions affecting subsequent actions.