easyly

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call Membrane/Easyly (e.g., "membrane action list --connectionId=... --intent") and ingest returned action results (id, name, description, inputSchema) from the user's Easyly account — these are third-party, potentially user-generated descriptions that the agent reads and uses to choose and run actions, so they could indirectly inject instructions.