phyllo

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches creator data from public platforms (see SKILL.md: "Phyllo ... access creator data from various platforms like YouTube, TikTok, and Instagram") via Membrane actions (e.g., membrane action run ... whose output the agent is expected to read), so untrusted, user-generated third‑party content can be ingested and influence subsequent decisions.