middesk

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to connect to Middesk via the Membrane CLI (e.g., "membrane connect --connectorKey middesk" and "membrane action run ...") and to read the action "output" (Middesk/company filings and related public data) as part of its workflow, which means untrusted third‑party public content could influence subsequent actions and thus enable indirect prompt injection.