morningmate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly directs the agent to fetch and proxy arbitrary Morningmate API endpoints and run actions via the Membrane CLI (see the "Proxy requests" and "Running actions" sections such as "membrane request CONNECTION_ID /path/to/endpoint" and "membrane action run"), which will ingest user-generated Morningmate content (tasks, notes, journal entries) from a third-party service that could materially influence agent decisions or subsequent actions.