zenserp

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the agent uses the Membrane CLI to call Zenserp (a SERP API) via commands like membrane action run to fetch structured search engine result content from the open web (Zenserp results), which the agent is expected to read and could materially influence actions—exposing it to untrusted third‑party content.