evernote-incident-runbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The runbook explicitly instructs fetching and inspecting public Evernote endpoints (e.g., curl https://status.evernote.com/api/v2/status.json and https://www.evernote.com/ in SKILL.md and references/implementation-guide.md) and uses those external responses to decide actions like activating a circuit breaker, so it consumes and acts on untrusted third‑party web content.