vapi

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to connect to Vapi via the Membrane CLI and to run actions or proxy arbitrary API requests (e.g., "membrane request CONNECTION_ID /path/to/endpoint") to fetch call recordings, conversations, and transcripts from Vapi—clearly untrusted/user-generated third‑party content the agent is expected to read and act on, per the SKILL.md workflow.