mem9-recall

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly instructs the agent to curl and read results from the Mem9 memories API (e.g., https://api.mem9.ai/.../memories?q=KEYWORD), which ingests user-generated/shared memories that the agent must evaluate and can materially influence its next actions, so untrusted third-party content could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill issues a runtime curl to ${MEM9_API_URL:-https://api.mem9.ai}/v1alpha1/mem9s/... (defaults to https://api.mem9.ai) to fetch memories which are read and injected into the agent's context and thus can directly control prompts/outputs.