xeditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly instructs using Membrane actions and proxy requests (see "Working with Xeditor", "Running actions", and "Proxy requests") to fetch and interact with Xeditor data (user-generated documents) from a third-party service, which the agent would read and could let that content influence subsequent actions.