manageengine-servicedesk-plus-cloud

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use Membrane to run actions and "proxy requests" against ManageEngine ServiceDesk Plus Cloud APIs (e.g., the "membrane request CONNECTION_ID /path/to/endpoint" and action run/list examples), which will fetch user-generated ticket/conversation data from a third-party cloud service that the agent is expected to read and act on, enabling potential indirect prompt injection.