getnote-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "Save a note" command explicitly accepts HTTP/HTTPS URLs and saves link notes (SKILL.md "Save a note" section), and the Agent Usage Notes instructs parsing -o json outputs programmatically, so untrusted web content fetched from arbitrary URLs can be ingested and influence the agent's decisions/actions.