pageclip

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md "Proxy requests" section instructs using membrane request CONNECTION_ID /path/to/endpoint to fetch data from the Pageclip API (which contains user-generated form submissions on public sites), so the agent will ingest and act on untrusted third-party content that could contain instructions.