reader-recap

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly calls Readwise MCP tools (mcp__readwise__reader_list_documents and mcp__readwise__reader_get_document_highlights) to fetch user-saved documents/highlights (including source_url and excerpted text from arbitrary public websites), and those fetched third-party contents are read and interpreted in SKILL.md to generate the briefing and follow-up action items, so untrusted external content can influence the agent's behavior.