openrouter

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent uses Membrane to call OpenRouter endpoints (e.g., create-chat-completion, get-generation, and proxy requests) and consumes those external model/API responses as part of its workflow, so untrusted third-party content from OpenRouter/providers could influence actions and enable indirect prompt injection.