builderio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md shows it uses Membrane to connect to Builder.io and exposes actions like "Get HTML Content" and "Get Content by URL" that fetch and render content from Builder.io spaces (user-provided/public site content), which the agent is expected to read and act on as part of its workflow, exposing it to untrusted third-party content that could carry indirect prompt injections.