frameio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md shows using Membrane to call Frame.io endpoints (e.g., "list-comments", "get-comment", "get-asset" and proxy requests) which fetch user-generated comments and asset data from a third-party service that the agent would read and could influence subsequent actions, creating a risk of indirect prompt injection.