linkding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries a Linkding server and its /api endpoints (see SKILL.md and references/*) including "URL checking includes automatic metadata scraping" and scripts that curl bookmark URLs (references/quick-reference.md), meaning the agent ingests arbitrary user/public bookmark content (titles, descriptions, scraped page data and the pages themselves) and uses that data in workflows that decide actions (create/update/archive/delete), so untrusted third‑party content can materially influence tool actions.