memos

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's help instructions (docs/help.md Type 2) explicitly tell the agent to fetch external Memos docs (https://usememos.com/docs/api and GitHub), and the runtime scripts (e.g., scripts/api.cjs and the various actions) call the configured MEMOS_BASE_URL to GET/POST user-generated memos, comments, attachments and shares — content which the agent reads and uses to drive actions (e.g., confirmations, tag extraction, relations, share management), so untrusted third‑party content can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's help instructions explicitly tell the agent at runtime to fetch external docs (https://usememos.com/docs/api and https://github.com/usememos/memos) and "answer the user based on the fetched content", meaning those URLs would be fetched during runtime and their content would directly control the assistant's responses.