mo-note

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md shows the mocli note commands (note search/homepage/mine) fetch and present user-generated public notes (reply.notes and the note URLs like https://note.mowen.cn/detail/...) so the agent ingests untrusted third‑party content as part of its workflow that could influence its outputs or next actions.