mattermost

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and interacts with Mattermost content (channels/posts) via Membrane actions and the proxy request flow (see SKILL.md references to "Channel -> Post", membrane action run, and membrane request CONNECTION_ID /path/to/endpoint), which exposes the agent to user-generated, third-party messages that could contain instructions influencing agent decisions.