spydra

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly documents Spydra as a web-scraping tool that "collect[s] information from websites" and instructs using Membrane actions (e.g., membrane action run ... whose "result is in the output field") so the agent will fetch and ingest untrusted public web content returned by those actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill instructs running/fetching the Membrane CLI at runtime (e.g., npx/npm install of @membranehq/cli — https://www.npmjs.com/package/@membranehq/cli), which downloads and executes remote code and is presented as a required dependency for interacting with Spydra.