pubnub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill instructs the agent to use Membrane to call and proxy PubNub APIs (see "Searching for actions", "Running actions", and "Proxy requests" in SKILL.md), which will fetch and return arbitrary user-generated PubNub messages/files from third-party endpoints that the agent is expected to read and may act on—exposing it to indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill relies on the Membrane CLI (installed/run via @membranehq/cli) and calls such as membrane connection ensure "https://www.pubnub.com" which, per the docs, can return a clientAction.agentInstructions field from the remote Membrane service at runtime that directly supplies instructions to the AI agent (flagging https://www.pubnub.com and the Membrane CLI/npm package https://www.npmjs.com/package/@membranehq/cli).