memos

Warn

Audited by Snyk on Mar 9, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's scripts and SKILL.md show that it fetches and reads memos, comments, attachments, and reactions from a user-specified MEMOS_URL (BASE="${MEMOS_URL%/}/api/v1" in scripts/memos.sh and the SKILL.md examples). This is user-generated, untrusted third-party content that the agent would interpret and that could drive follow-up actions (create/update/delete/react), enabling indirect prompt injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 9, 2026, 08:06 AM