waiverforever

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow (e.g., the "membrane action run" and "membrane request CONNECTION_ID /path/to/endpoint" commands in SKILL.md) explicitly fetches data from the WaiverForever API — which can contain user-generated waivers/signers — and the agent is expected to read and act on that content, so untrusted third‑party content could influence decisions or actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing and invoking the Membrane CLI (npm install -g @membranehq/cli and npx @membranehq/cli@latest), which fetches and executes code from the npm registry (e.g. https://registry.npmjs.org/@membranehq/cli) at runtime and is a required dependency.