helpwise

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs the agent to fetch and act on user-generated Helpwise data (e.g., conversation messages via actions like list-conversations/get-conversation and arbitrary endpoints via the Membrane proxy membrane request CONNECTION_ID /path/to/endpoint), so untrusted third-party content would be read and could materially influence actions.