hootsuite

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill calls Hootsuite via Membrane to list and fetch social media content (e.g., "List Messages", "Get Message", "List Social Profiles") and explicitly surfaces connector-provided fields like clientAction.agentInstructions in the SKILL.md "Working with Hootsuite" section, so untrusted user-generated third-party content and agentInstructions can be read and influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill invokes the external Membrane CLI (installed via npm @membranehq/cli) at runtime—e.g. using membrane connection ensure "https://www.hootsuite.com/"—and the Membrane service can return clientAction.agentInstructions which directly supply instructions for the AI agent, so runtime-fetched content can control prompts.