incountry
Warn
Audited by Snyk on Apr 29, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent uses Membrane to connect to external apps and explicitly reads clientAction.agentInstructions returned by a connection (and can proxy arbitrary API requests via membrane request), so it will ingest and act on instructions supplied by third-party apps.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill instructs installing and running the Membrane CLI (npm package @membranehq/cli) and performing runtime calls such as membrane connection ensure "https://incountry.com/" which can return a clientAction.agentInstructions field that directly tells the AI agent what to do, so remote content fetched/executed at runtime can control prompts.
Issues (2)
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).