migma

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly includes "migma projects import https://yourbrand.com --wait --json", which fetches logos, colors, fonts, and the site's "brand voice" from an arbitrary public website and uses that content to influence email generation, exposing the agent to untrusted third-party content that could inject instructions indirectly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The command "migma projects import https://yourbrand.com" (also shown as https://theirwebsite.com) fetches a remote website at runtime to extract "brand voice" (along with logos/colors/fonts) which the skill then uses to steer AI generation, meaning external content can directly control prompts.