ultramsg

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly shows actions and proxy requests that fetch WhatsApp data via UltraMsg through Membrane (e.g., "List Messages", "List Chats", "List Groups" and the "membrane request" proxy), meaning the agent will ingest user-generated, third-party message content that could contain instructions influencing its subsequent actions.