evernote-core-workflow-a

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill fetches and processes user-generated Evernote note content via noteStore.getNote / getNoteWithResources (see Step 2 and example-workflow.js) and then extracts/interprets that ENML (extractText, hasUncompletedTodos) and takes actions (toggleTodo, appendToNote), allowing arbitrary note content to influence agent behavior.