invision-community

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly directs the agent to connect to Invision Community (a forum platform with user-generated content) and to fetch/inspect that content via Membrane actions and proxy requests (e.g., "membrane action run ..." and "membrane request CONNECTION_ID /path/to/endpoint"), so the agent will read untrusted third‑party forum data that can influence subsequent actions.