httpsms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). SKILL.md explicitly instructs using Membrane CLI actions such as "list-messages", "list-message-threads", and "update-message-thread" which retrieve SMS content from external users (user-generated/untrusted) that the agent is expected to read and could drive follow-up actions like sending replies.