surprise-me

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md "Gather Data" step explicitly instructs the agent to fetch the user's Readwise/Reader highlights and documents (e.g., mcp__readwise__readwise_list_highlights, mcp__readwise__reader_list_documents), which ingest third-party/public web content and user-generated material that the agent will read and interpret to drive its analysis, creating a clear vector for indirect prompt injection.