prismic

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs the agent to run actions and to proxy arbitrary requests to the Prismic API via Membrane ("Running actions" and "Proxy requests" sections), which fetches user-generated CMS content from third-party sites that the agent will read and could influence subsequent decisions.