readwise-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill fetches and analyzes user-saved content (highlights and Reader documents) from the Readwise APIs (see scripts/readwise-client.ts calling https://readwise.io/api/v2/highlights/ and https://readwise.io/api/v3/list/), which can contain arbitrary external article text and URLs from the open web that the agent ingests and interprets for insight extraction—exposing it to untrusted third-party content.