zenhub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to connect to ZenHub and use Membrane actions and proxy requests (see "Working with ZenHub" and "Proxy requests" sections such as membrane action run and membrane request CONNECTION_ID /path/to/endpoint) to fetch ZenHub data (issues/comments), which are user-generated third‑party content the agent will read and could influence subsequent actions.