phyllo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs using Membrane to proxy requests to the Phyllo API and to connect to creator platforms (e.g., "Phyllo... access creator data from various platforms like YouTube, TikTok, and Instagram" and the "membrane request CONNECTION_ID /path/to/endpoint" flow), which means the agent will fetch and read untrusted, user-generated third‑party content that can influence subsequent actions.