appcircle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to use the Membrane CLI to connect to Appcircle and run actions (e.g., membrane action list / membrane action run) that fetch Appcircle data (builds, test results, commits, etc.) which are third-party, user-generated/untrusted content and whose "output" the agent is expected to read and act on (see SKILL.md examples for action list/run and "The result is in the output field"), enabling indirect prompt-injection risk.