squarespace

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's SKILL.md explicitly allows proxying arbitrary requests to Squarespace (see "Proxy requests" and the membrane request CONNECTION_ID /path/to/endpoint) and is used to fetch/manage site content (pages/blocks/products) that can be public/user-generated and therefore could contain untrusted instructions influencing agent actions.