memos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly calls a user-configurable MEMOS_BASE_URL (see .env.example and SKILL.md) and the CLI (scripts/memos.ts) issues fetch requests to /memos, /attachments, and /activities to read user-generated memo/attachment/activity content and the SKILL.md requires "call the real API" and return responses, so untrusted third‑party content from the configured Memos instance is ingested and can influence subsequent agent actions.