perigon

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to connect to Perigon via the Membrane CLI and to run actions like membrane action list and membrane action run to retrieve Article/Search results from Perigon (an external news aggregator/public web source), so the agent will ingest and act on third-party public content that could contain instructions.