yotpo-loyalty-referrals

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs the agent to connect to and proxy requests to the external Yotpo service (e.g., using "membrane connection ensure"/"membrane connection get" and "membrane request") and explicitly mentions a returned clientAction.agentInstructions field that the agent is expected to read/act on, which exposes it to untrusted third‑party content/instructions from Yotpo or arbitrary API responses.