docker-hub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill’s SKILL.md instructs the agent to connect to Docker Hub via the Membrane CLI and to list/run actions (e.g., membrane action list / action run) that fetch Docker Hub repository/tag data — public, user-generated content — which the agent is expected to read and act on, so third-party content could influence subsequent decisions.