getnote-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's "Save a note" command explicitly accepts arbitrary URLs ("Other URLs → async, auto-polls until done") and the agent is instructed to use -o json to parse returned note content/summaries, so it will fetch and ingest public web pages (untrusted third‑party content) as part of its workflow.