build-persona

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 workflow explicitly calls mcp__readwise__readwise_search_highlights and mcp__readwise__reader_list_documents to ingest user Readwise library highlights and metadata (including sampled highlight texts and source titles) from public/third-party web content and uses those texts to build a persona and triage guidance that will influence downstream agent actions, so untrusted external content can materially affect behavior.