agent-brain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's ingest workflow (modules/ingest/SKILL.md and the main SKILL.md "Ingest: → Full pipeline: fetch → extract → store") instructs the agent to fetch user-provided public URLs, extract claims, store them as "ingested" memories, and later retrieve/apply those memories to inform responses, so arbitrary third‑party web content can be read and influence agent actions.