whoson

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill connects to WhosOn via the Membrane CLI and explicitly references retrieving chat data (e.g., "Chats" → "Chat Transcript" and running actions with membrane action run in SKILL.md), meaning the agent will ingest user-generated/untrusted chat content from a third-party service that could contain actionable instructions.