letta-filesystem-to-memfs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's ingest workflow explicitly accepts and downloads arbitrary http(s) URLs via the --source flag (see SKILL.md example using https://... and the download_source function in scripts/letta_fs_to_memfs.py), then ingests and indexes that untrusted third‑party content into chunk files and QMD collections that the agent will read/search and use to drive subsequent actions.