circle-1

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs connecting to Circle via the Membrane CLI and running actions (e.g., membrane action run) to interact with Circle data such as posts, direct messages, files and members — user-generated third-party content the agent will read and that could influence subsequent actions.