integrate-anything

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt tells the agent to ask the user for a one-time login code and then run a CLI command embedding that code verbatim (npx ... login complete ) and also references passing workspace/tenant keys as CLI args, which requires the LLM to handle and output secret values directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill connects to arbitrary external apps (e.g., Slack, GitHub, public sites) via the Membrane API and explicitly surfaces connector/connection fields such as clientAction.agentInstructions (Step 1b) and action input/output schemas (Step 2) that are fetched from those third-party sources and can directly instruct or change agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill calls the Membrane runtime API (https://api.getmembrane.com) during execution and the API can return clientAction.agentInstructions that directly instruct the AI agent, making this a runtime external dependency that can control prompts.