prerenderio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's "Proxy requests" workflow in SKILL.md (membrane request CONNECTION_ID /path/to/endpoint) explicitly lets the agent fetch arbitrary Prerender.io endpoints that return pre-rendered HTML from public websites (third‑party, user-controlled content) which the agent may read and then use to drive follow-up actions like cache invalidation or other API calls, creating a pathway for indirect prompt injection.