neverbounce

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly allows creating verification jobs "by supplying emails directly or via a remote URL" and to proxy arbitrary Neverbounce API calls with "membrane request CONNECTION_ID /path/to/endpoint", meaning the agent will fetch and ingest untrusted third‑party content (remote URLs / API responses) and use those results to drive actions like job creation, status checks, and deletions—allowing external content to materially influence behavior.