picky-assist

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly connects to the external Picky Assist service via the Membrane CLI (e.g., "membrane connect", "membrane action run") to read/manage Picky Assist data such as Contacts, Conversations, and Broadcasts, which are user-generated/untrusted third-party content that the agent would ingest and could influence subsequent actions.