slite-knowledge-base

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SKILL.md shows the agent directly fetches and interprets user-generated Slite content (e.g., /v1/notes, /v1/notes/NOTE_ID, /v1/search-notes and the AI /v1/ask endpoint, plus /v1/knowledge-management/notes/public), so untrusted or public notes could contain instructions that materially influence the agent's outputs and actions.