scrapingdog

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using ScrapingDog (via the Membrane CLI) to scrape and return data from public websites (e.g., "ScrapingDog is a web scraping API" and the "membrane action run" -> "output" workflow), meaning the agent will ingest untrusted third-party web content that can influence its subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill depends on the Membrane CLI being installed/run at runtime (e.g., npx/@membranehq/cli — https://www.npmjs.com/package/@membranehq/cli), which fetches and executes remote code and is required to drive the agent's action discovery/execution.