memos

Warn

Audited by Snyk on Apr 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill repeatedly fetches and parses user-generated memo content from the configured MEMOS_URL (see scripts/search-api.sh, scripts/memo-api.sh, scripts/tag-api.sh and the SKILL.md "Search and Retrieve" / "Organization" flows). It then uses that content to make decisions and perform follow-up actions (search, update, rename, tag), so untrusted public memos could indirectly inject instructions.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 5, 2026, 04:00 PM
  • Issues: 1