hypeauditor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). Yes — SKILL.md explicitly instructs the agent to connect via the Membrane CLI to HypeAuditor (e.g., membrane connect --connectorKey hypeauditor and membrane action list/run --connectionId=CONNECTION_ID) to fetch influencer reports and other third‑party data from HypeAuditor's API which the agent must read and use to drive actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill explicitly requires installing/running the Membrane CLI (npm install -g @membranehq/cli@latest and npx @membranehq/cli@latest), which fetches and executes remote code at runtime and is a required dependency for the skill.