readwise-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly shows fetching and ingesting arbitrary public URLs (e.g., "readwise save https://example.com/article") and returning full HTML content ("readwise get --html --json"), so untrusted third‑party web content is read and made available for the agent to process, enabling indirect prompt injection.