make-com

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly shows ingestion of untrusted third-party content — e.g., the HTTP module for calling arbitrary URLs and triggers like "Gmail: New email with attachment" / Google Drive uploads — which the scenario reads and uses to drive routing and actions, so external content can indirectly inject instructions that change behavior.