remembering

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and acts on open web and social content (e.g., web_search/deep_read and bsky_* in scripts/tasks/fly.md and scripts/tasks/zeitgeist.md) and also materializes utility-code memories from the Turso DB to disk (see _ARCH.md/utilities and boot/install_utilities), so untrusted/user-generated third‑party content is read and can directly influence decisions and tool actions (e.g., the "homework" override in scripts/tasks/dispatch.md instructs the agent to execute instructions found in memories).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill uses the Turso HTTP API (default URL https://assistant-memory-oaustegard.aws-us-east-1.turso.io) at runtime to fetch "utility-code" memories which are materialized to /home/claude/muninn_utils/ and imported/executed—i.e., remote content from that URL can directly deliver and run code controlling the agent.