cosense

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts and docs (scripts/cosense_api.sh, SKILL.md, and references/api.md) explicitly fetch and read user-generated Cosense/Scrapbox pages from https://scrapbox.io via GET endpoints (get-page, list-pages, search), and that page text/lines are ingested and used to decide backups, creation, editing, and imports—so untrusted third-party content could contain instructions that materially influence the agent's actions.