kvdb

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill instructs the agent to fetch and run requests against the public KVdb API via Membrane (e.g., "membrane request CONNECTION_ID /path/to/endpoint" and action run/list), and the workflow explicitly surfaces untrusted third-party outputs (including returned action output and optional clientAction.agentInstructions) that the agent is expected to read and could materially change its actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). At runtime the skill uses the Membrane CLI to call connection endpoints such as "https://kvdb.io/" and may consume returned clientAction.agentInstructions (from the Membrane/connector response) that directly tell the agent how to proceed, so external content from that URL can control agent prompts.