flexmail

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to fetch and run actions and proxy requests against the Flexmail API via the Membrane CLI (e.g., "membrane action run" and "membrane request ..."), which returns untrusted/user-generated content such as contacts, templates, opt-in submissions and webhooks that the agent is expected to read and could materially influence subsequent actions.