superdocu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md instructs the agent to connect to external Superdocu instances (e.g., via membrane connection to https://www.superdocu.com/), list/run actions, and proxy arbitrary API requests to fetch Documents/Pages/Templates—which are untrusted, user-generated third-party content that the agent is expected to read and act on (see the "Searching for actions", "Running actions", and "Proxy requests" sections), enabling indirect prompt injection.