heyzine

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly directs the agent to connect to Heyzine via the Membrane CLI (membrane connect --connectorKey heyzine) and to run/list actions (membrane action list / action run) that fetch Heyzine data (flipbooks/pages/hotspots) from the third-party service (heyzine.com/api) and consume the action outputs as part of the workflow, which exposes the agent to untrusted, user-generated content that could influence subsequent actions.