fomo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to use Membrane commands like "membrane action list", "membrane action run", and "membrane request" to fetch data from the Fomo API (e.g., events and clientAction objects), which are third-party/user-generated and include clientAction.agentInstructions and output fields the agent is expected to read and act on, allowing untrusted content to influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill calls the Membrane CLI at runtime (e.g., membrane connection ensure "https://fomo.com/"), and the Membrane response can include clientAction.agentInstructions — remote, runtime-provided instructions that can directly control the AI agent's behavior, so https://fomo.com/ (as used in the runtime command) is a risky external dependency.