smsapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to use Membrane to run actions and proxy requests against the SMSAPI service (e.g., "membrane action run" and "membrane request CONNECTION_ID /path/to/endpoint"), which will retrieve user-generated SMS messages and contacts from the third‑party SMSAPI backend that the agent is expected to read and act on, exposing it to untrusted third‑party content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the Membrane CLI via npm/npx (e.g., npm install -g @membranehq/cli and npx @membranehq/cli@latest, which fetch and execute code from the npm registry such as https://registry.npmjs.org/@membranehq/cli) and the skill relies on that remote-executed CLI at runtime.