flowmind

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and references explicitly instruct the agent to fetch user-generated data from the FlowMind API (e.g., GET /notes, GET /tasks, GET /people/:id against https://flowmind.life/api/v1) and to read/review that content as part of workflows like "meeting prep" and "daily focus", so untrusted third-party content could influence actions and enable indirect prompt injection.