usersketch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to run Membrane actions and proxy requests (e.g., "membrane action run" and "membrane request CONNECTION_ID /path/to/endpoint") to fetch and manage UserSketch data — a user-research platform that can contain untrusted, user-generated content — which the agent is expected to read and act on as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill requires installing and running the Membrane CLI (npm install -g @membranehq/cli — package fetched from https://registry.npmjs.org/@membranehq/cli), which downloads and executes third‑party code used at runtime (e.g., via membrane action/run and membrane request), so it is a runtime external dependency that executes remote code.