scrapinghub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs using the Membrane CLI to connect to Scrapinghub and create/run actions (e.g., "membrane action create" and "membrane action run") to retrieve scraped data from websites, so the agent would ingest untrusted public web content from Scrapinghub outputs that could contain actionable instructions.