rocket-chat
Warn
Audited by Snyk on Apr 30, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill explicitly instructs the agent to connect to Rocket.Chat via the Membrane CLI and run actions against "Rocket Chat data" (see "Use when the user wants to interact with Rocket Chat data" and the membrane action run/list examples in SKILL.md), which fetches and interprets user-generated chat content from third-party sources that could contain malicious instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing/running the Membrane CLI from npm (npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest ...) which fetches and executes remote code at runtime and is a required dependency for discovering/building/running actions that control agent behavior.
Issues (2)
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).