getnote

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's bundled scripts (e.g., scripts/getnote.mjs handleSaveLink/handleSaveImage and note-detail flows) explicitly poll and read note detail/data (references/save.md and references/list.md note detail may include web_page, and references/knowledge.md exposes blogger/content routes), meaning it ingests untrusted public web/blog content (via saved links or subscribed knowledge/blogger content) and uses those results to drive summaries, follow-up inspections, and polling decisions—allowing third-party content to materially influence agent actions.