mymind

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). This prompt explicitly instructs copying full browser Cookie headers and x-authenticity-token values and embedding them verbatim in mymind init --cookie ... --token ... commands, which requires the LLM to handle/output secrets directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly instructs running mymind update to fetch /cards from access.mymind.com and read the resulting ~/.mymind/bookmarks.json, meaning the agent ingests user-generated/bookmark content from a public third-party source that it will read and act on (search/return results), so untrusted content could influence decisions.