pipefy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md explicitly instructs using Membrane to run actions like "get-card" and "list-cards" and to proxy arbitrary Pipefy API requests (membrane request), which fetch user-generated Pipefy content (cards, comments, table records) that the agent is expected to read and act on, enabling potential indirect prompt injection.