nlm-cli-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly ingests and processes open web and user-generated content — e.g., "nlm source add --url 'https://...'" (web pages/YouTube) and "nlm research start ... --mode deep" (web-only discovery) — and then reads/uses those sources for queries and generation (e.g., nlm notebook query, report/audio create), so untrusted third-party content can influence the agent.