leadoo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs using Membrane to proxy requests to the Leadoo API (see "Proxy requests" and the example "membrane request CONNECTION_ID /path/to/endpoint") and to list/run actions that return visitor/conversation/lead data (user-generated content), which the agent would read and act on—exposing it to untrusted third‑party content that could contain instructions.