openviking-memory

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md shows the plugin auto-captures arbitrary user/assistant messages ("Auto-Capture" at afterTurn) and auto-recalls/injects those stored memories into the prompt ("Auto-Recall" at before_prompt_build), meaning untrusted user-generated content is ingested and can directly influence the agent's decisions.