salla

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and act on data from external Salla connections via Membrane (e.g., "membrane request CONNECTION_ID /path/to/endpoint" and the action list / clientAction.agentInstructions flow in SKILL.md), which ingests untrusted third-party/user-generated content that can include agentInstructions and materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls the Membrane CLI at runtime (e.g., using the app URL "https://s.salla.sa" with membrane connection ensure), and the Membrane service can return a clientAction.agentInstructions payload that directly instructs the AI agent, so remote responses from that external service can control agent prompts.