zenrows

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill integrates ZenRows, a web-scraping API, and instructs the agent to run Membrane "Scrape" actions (e.g., "Scrape with JavaScript Rendering" and using membrane action run) to fetch and ingest content from arbitrary public websites, which are untrusted third‑party sources that could contain instructive content influencing agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires installing and using the Membrane CLI (installed via "npm install -g @membranehq/cli@latest"), which fetches and installs remote code that will be executed/used at runtime to drive actions and agent behavior, so this external package source is a runtime dependency that can execute remote code.