p-daily-reflection
Warn
Audited by Snyk on Apr 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required Step 2 agents explicitly fetch and ingest user-generated third-party content:
  - GitHub activity via gh API, as shown in references/agent-gather-github.md
  - Slack messages via mcp__plugin_slack_slack__slack_search_public_and_private, in references/agent-gather-slack.md
  - Fireflies transcripts via mcp__fireflies__fireflies_get_transcripts, in references/agent-gather-fireflies.md

  That content is analyzed and used to generate action items and update persistent memory, so untrusted external text could materially influence the agent's decisions and tool use.
Issues (1)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).