ifood

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md instructs the agent to use the Membrane CLI to connect to iFood and run actions (e.g., "membrane action run ...") that fetch iFood Records and return an "output" field from the third-party iFood service, so the agent will read and act on untrusted third-party data from iFood.