inmobile

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly exposes actions that fetch user-generated third-party content (e.g., "Get Incoming SMS Messages") and includes a Membrane proxy request flow (membrane request ...) that lets the agent retrieve arbitrary InMobile API data, so untrusted inbound messages or other user-provided content could be read and influence subsequent actions.