sendsms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md explicitly directs the agent to connect to a SendSMS connection and run Membrane actions (e.g., "membrane action run ...", "Manage SMSes, Contacts, Groups") which will fetch SMS/contacts from the external SendSMS service (user-generated/untrusted content) and return outputs the agent is expected to read and act on, so third-party content can influence subsequent decisions.