highlight-graph

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches user-generated Readwise highlights via readwise_list_highlights (SKILL.md Step 1) and requires the agent/subagents to read and interpret those highlight texts and any linked URLs to infer sources and produce semantic connections (Steps 2 and 4), so untrusted third-party content can materially influence agent decisions.