questionpro

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent connecting to QuestionPro via the Membrane CLI (e.g., "membrane connect --connectorKey questionpro" and "membrane action run ... --connectionId=CONNECTION_ID") to fetch survey/response data from a third-party, user-generated service (QuestionPro), which the agent is expected to read and act on as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs running npx @membranehq/cli@latest (and npm install -g @membranehq/cli@latest), which fetches and executes remote package code from the npm registry (e.g. https://www.npmjs.com/package/@membranehq/cli) at runtime and is required for the skill to operate.