gist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to fetch and read user-created Gist content via Membrane actions and the proxy (e.g., "membrane action run" and "membrane request CONNECTION_ID /path/to/endpoint"), which retrieves untrusted, user-generated content from the Gist API that the agent is expected to interpret and that could influence subsequent actions.