storyblok

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the agent uses Membrane actions like "get-story" and "list-stories" against Storyblok (a third‑party headless CMS) so the agent will fetch and read user-generated/untrusted CMS content as part of its workflow (e.g., the "Popular actions" and "Running actions" sections describe retrieving Storyblok stories/assets).