voiceflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md instructs the agent to connect to Voiceflow via the Membrane CLI and to "action list" and "action run" (see "Searching for actions" and "Running actions"), which causes the agent to ingest action descriptions and outputs coming from user-created Voiceflow projects (untrusted third-party user-generated content) that can influence which actions are chosen and subsequent behavior.