smartsuite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows actions like "List Records" and "Get Record" and a proxy request feature via Membrane that fetches Smartsuite workspace records/comments (user-generated, third-party content) which the agent would read and could drive follow-up actions such as update-record or delete-record, creating a clear avenue for indirect prompt injection.