botpress

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's documented actions (e.g., "List Messages", "List Conversations", and "List Events" in SKILL.md) instruct the agent to fetch and read user-generated chat content from a Botpress instance via the Membrane connector, which is untrusted third-party content that could influence subsequent actions (create-message, create-event, update-user).