the-graph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill explicitly instructs the agent to use the Membrane CLI to query The Graph (e.g., "membrane action run ... --connectionId=CONNECTION_ID --json" and "The Graph is a decentralized indexing protocol" in SKILL.md), which pulls public, user-generated blockchain/indexed data into the agent's workflow and the agent is expected to read/interpret the action outputs, so untrusted third-party content can influence subsequent actions.