planyo-online-booking

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly directs the agent to connect to the Planyo service and to issue arbitrary proxied API requests and run actions via Membrane (e.g., "membrane request CONNECTION_ID /path/to/endpoint" and action run commands), which causes the agent to ingest external Planyo data (bookings/customers/etc.) that is third‑party/user‑generated and could materially influence subsequent actions.