second-brain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md and scripts/ensue-api.sh show it calls the external Ensue API (e.g., discover_memories, get_memory, list_keys) to fetch user-generated "public/*" entries from the third-party Ensue service, which the agent reads and uses to drive searches, retrievals, and follow-up actions—exposing it to untrusted third-party content that could contain indirect prompt instructions.