flodesk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill issues Membrane-backed requests to a third-party Flodesk account (e.g., the documented membrane action run commands like list-subscribers, get-subscriber and the membrane request proxy) and therefore ingests user-generated/untrusted subscriber/workflow content from an external service that the agent is expected to read and act on.