poof

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use Membrane action list/action run and the "Proxy requests" (e.g., membrane request CONNECTION_ID /path/to/endpoint) to fetch data from the external Poof API — a user-generated disappearing-message app — meaning untrusted third-party content would be ingested and could influence subsequent tool use and decisions.