tripetto

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md instructs the agent to use the Membrane CLI to connect to a Tripetto connection and to run/list actions (e.g., membrane action list / membrane action run) and consume the returned output and schemas from that connection — which are likely to contain untrusted, user-generated Tripetto form data or action descriptions that the agent will read and act on.