wiki-brain

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's ingest flow explicitly fetches arbitrary URLs ("If it's a URL: fetch content..." in SKILL.md Step 2 and the /wiki-brain ingest command) and then "Read the source in full" and incorporate it into the wiki that Claude queries for future decisions, so untrusted public web content can directly influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's runtime ingest feature (/wiki-brain ingest ) fetches arbitrary user-supplied URLs and "read[s] the source in full" so remote content (i.e., any user-provided URL passed to /wiki-brain ingest) is fetched at runtime and directly fed into Claude's context, allowing that external content to control prompts/outputs.