aircall

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to connect via the Membrane CLI to the third-party Aircall service and run actions such as "list-calls" and "list-contacts" (e.g., membrane action run), which fetch user-generated/untrusted data from Aircall that the agent is expected to read and which could influence subsequent actions (create/update/delete), enabling indirect prompt injection.