neo4j-agent-memory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly instructs the agent to verify live, authoritative state by fetching public third-party pages (e.g., PyPI at https://pypi.org/project/neo4j-agent-memory/, the GitHub README, and the NAMS OpenAPI at https://memory.neo4jlabs.com/openapi.json) and also references enrichment from public sources like Wikipedia/Diffbot, so untrusted user-generated content is read and can materially change outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The hosted MCP endpoint https://memory.neo4jlabs.com/mcp (and the companion REST base https://memory.neo4jlabs.com/v1/) is explicitly used at runtime to supply the hosted toolset and memory/context that are injected into agent prompts, so it is an external runtime dependency that can directly influence agent instructions.