limitless

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill makes runtime API calls to the external Limitless service (e.g., call_api calls to https://api.limitless.ai/v1/lifelogs with includeMarkdown/includeContents and the cmd_get/cmd_search flows), retrieving user-generated transcripts and segment text that the agent reads/prints and can influence follow-up actions (audio download, delete), so untrusted third-party content could inject instructions indirectly.