bigbox

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md explicitly lists actions like "Get Product Reviews" and "Get Product Questions" that retrieve customer-generated content from Home Depot (public web) via Membrane and the agent is expected to run those actions and consume their outputs (e.g., using membrane action run), so untrusted third-party content can be ingested and influence subsequent decisions.