ftrack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs the agent to connect via Membrane to an external FTrack instance and run actions such as "List Notes", "List Reviews", "List Files" and "List Asset Versions", which fetch user-generated/untrusted content from a third-party system that the agent will read and could alter subsequent tool actions.