klazify

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent calls Klazify (via Membrane) to classify or proxy arbitrary public URLs (see "Popular actions" like "Categorize URL" and the "Proxy requests" section), which ingests untrusted third‑party webpages whose content can influence subsequent decisions and tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill calls the Membrane CLI at runtime with membrane connection ensure "https://www.klazify.com/" which can return a clientAction.agentInstructions (and clientAction.uiUrl) that directly supply instructions the AI agent should follow, meaning that content fetched from that URL can control agent prompts.