memory-notes

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). Flagged because the skill uses memory:// URLs at runtime (e.g., build_context({ url: "memory://api-design-decisions" }) and memory://docs/* in examples) to fetch note content that would be injected into the agent's context and can directly control prompts.