wisdom-capture

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch and ingest content from external URLs — e.g., Step 2 ("If the snippet contains a URL, attempt to fetch the page title and author") and the "URL import handoff" / Phase 3 (use yt-dlp/Playwright metadata, captions, transcripts, top comments, keyframes, and follow scraping directives/open the URL), which are untrusted public/user-generated sources and are read and used to synthesize candidate bodies and drive categorization/commit decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly fetches user-supplied URLs at runtime ("If the snippet contains a URL, attempt to fetch the page title and author..." and the URL-import flow consumes scraped transcripts/frames) so arbitrary remote page content (e.g., any user-provided URL such as https://en.wikipedia.org/wiki/Donald_Knuth) can be injected into the model context and directly influence agent outputs.