nhanh-vn

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to connect to external apps (e.g., membrane connection ensure "https://nhanh.vn/"), proxy arbitrary API endpoints via membrane request, and consume action-list/action-run outputs and clientAction.agentInstructions returned by the connected app, so the agent will read and act on untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls membrane connection ensure with the app URL "https://nhanh.vn/" at runtime, and the Membrane service can return clientAction.agentInstructions (instructions for the AI agent) as part of the connection state, meaning externally-provided content can directly control agent prompts.