acf

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to connect via the Membrane CLI to ACF (a WordPress plugin) using commands like membrane connect and membrane action run, which fetch and return ACF entries/fields (user-generated content from third-party WordPress sites) that the agent is expected to read and act on (see SKILL.md sections "Connecting to ACF" and "Running actions" where results are returned in the action output), so untrusted third‑party content can influence subsequent decisions and tool use.