etermin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to call and proxy ETermin API endpoints (e.g., "membrane request CONNECTION_ID /path/to/endpoint" and "membrane action run ...") and explicitly lists actions that retrieve user-generated content like "List Ratings — Retrieve customer ratings and reviews," meaning the agent will fetch and interpret untrusted third-party data from the public service as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill relies on the Membrane CLI (installed/used at runtime, e.g. via @membranehq/cli — https://www.npmjs.com/package/@membranehq/cli) and the Membrane service responses can include clientAction.agentInstructions returned at runtime, which directly provide instructions for the AI agent and thus control prompts.