memory-router

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's routing algorithm in SKILL.md (Step 2 — RETRIEVE, for category D "external facts / live data") explicitly falls through to "web_fetch / browser" ("If low recall → web_fetch / browser"), so the agent will fetch and read open web content that can be untrusted/user-generated and influence subsequent actions.