zuplo

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs Membrane CLI commands at runtime (e.g., membrane connection ensure "https://zuplo.com/") and the returned connection object can include clientAction.agentInstructions—remote content that would directly instruct the AI agent—so https://zuplo.com/ (via the Membrane proxy) is a runtime source that can control agent prompts.