chatbotkit

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to use Membrane actions like list-messages, get-conversation, and list-dataset-records to fetch conversations, messages, and knowledgebase/article records from ChatBotKit (third-party user-generated content) which the agent would read and could materially influence subsequent actions.