roboflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow explicitly instructs the agent to connect to Roboflow via the Membrane CLI and run actions (e.g., "membrane action list" and "membrane action run") to fetch Roboflow project/dataset outputs — which are user-provided, third-party images/annotations — and the agent is expected to read those action outputs as part of its workflow, creating a clear avenue for untrusted content to influence decisions.