personize-memory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests untrusted, user-generated third-party content (e.g., CRM syncs like templates/hubspot.md and recipes/data-sync.ts, webhook Intercom conversation bodies in reference/memorize.md, and web page content via the Webpage/customKeyName examples) and explicitly processes that content with memory.memorize/enhanced and smartDigest/smartRecall which are then used to drive agent decisions (sending messages, context assembly), so malicious third-party content could indirectly inject instructions.