gpt-trainer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's documentation explicitly includes a "Create URL Data Source" action that creates a URL data source "for a chatbot to train from web content" and the Membrane action workflow (search/run actions and create actions) lets the agent ingest arbitrary public web pages, which could contain untrusted user-generated instructions that influence model behavior.