drift

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs the agent to list and retrieve Drift resources (e.g., "get-conversation-messages", "list-conversations", "get-conversation") via the Membrane connector, which pulls user-generated/untrusted conversation and contact content from a third-party service that the agent reads and can act on (e.g., creating messages), enabling indirect prompt injection.