loyjoy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill uses the Membrane connector to connect to LoyJoy (via commands like "membrane connect", "membrane action list" and "membrane action run") which fetches LoyJoy data (chatbot Q/A and user messages) from a third‑party system that the agent is expected to read and act on, exposing it to untrusted user-generated content that could influence subsequent actions.