graphlinq
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to use the Membrane CLI to connect to GraphLinq and run commands like "membrane action list/run/create", which fetch and expose user-created actions, templates, names, descriptions and schemas from the third-party GraphLinq platform. This is untrusted, user-generated content that the agent must read and act on.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill integrates with GraphLinq Protocol, a blockchain-focused no-code automation platform explicitly used by "blockchain developers, traders, and analysts to automate tasks like trading strategies", and it lists domain-specific primitives such as "Wallet" and "Account". The Membrane CLI instructions allow creating and running connection-specific actions (membrane action create / run) against GraphLinq; these actions can implement on-chain operations (trades, swaps, signing transactions, wallet actions). Because the integration is specifically targeted at blockchain/crypto workflows and exposes the ability to run actions tied to wallets/trading, it provides direct financial execution capability (crypto transaction/trade execution), not just a generic tool.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).