freshdesk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to list and retrieve Freshdesk tickets (e.g., "List Tickets", "Get Ticket" in the "Popular actions") and to proxy arbitrary Freshdesk API requests via Membrane ("membrane request CONNECTION_ID /path/to/endpoint"), which causes the agent to fetch and act on user-generated/untrusted ticket/forum content from a third-party service that can materially influence subsequent actions.