bear-x-callback-url

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill includes a grab-url action that creates a note from an arbitrary web page URL (references/grab-url.md), which plainly ingests untrusted public web content that the agent could cause Bear to fetch and then read (e.g., via open-note), enabling indirect instruction injection.