quipu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's workflow (e.g., "Proxy requests" and "Running actions" sections instructing commands like membrane action run and membrane request CONNECTION_ID /path/to/endpoint) explicitly fetches data from the external Quipu API (user-generated account data), which the agent is expected to read and could materially influence subsequent actions, exposing it to untrusted third-party content.