reviewstudio

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's SKILL.md instructs the agent to connect to Review Studio via the Membrane CLI and run actions (e.g., "membrane action run" and listing Documents/Annotations) that fetch user-generated Review Studio content (documents/annotations), so untrusted third‑party content is ingested and could influence subsequent decisions.