using-anki-mcp

Warn

Audited by Snyk on Mar 6, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill allows arbitrary external media URLs in add_note/update_note_fields (e.g., picture/audio/video url fields which "Anki [will] auto-download") and returns card content as HTML via present_card and review_session, meaning untrusted public web content can be fetched and read/interpreted by the agent during review workflows (INSTRUCTIONS.md and TOOLS-REFERENCE.md show these behaviors).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 02:14 PM