signable

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs the agent to fetch and interact with Signable data via Membrane commands (e.g., "membrane action run" and "membrane request CONNECTION_ID /path/to/endpoint"), which retrieves third-party/user-generated documents and templates that the agent would read and could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing/running the Membrane CLI at runtime (e.g., via "npm install -g @membranehq/cli" or "npx @membranehq/cli@latest", which fetches and executes code from the npm registry — e.g. https://www.npmjs.com/package/@membranehq/cli), and the integration depends on that external code to operate, so remote code is fetched and executed during runtime.