landbot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill reads user-generated customer data and messages from Landbot via Membrane actions (e.g., list-customers, get-customer) and the Membrane proxy request to the Landbot API, and those retrieved messages can be interpreted by the agent and used to drive follow-up actions like assign/block/delete, allowing indirect prompt injection.