← The Wire
Entity trail

Fetched HTML

Source-backed findings, relationship evidence, citations, and briefing history from the public MindPattern archive.

Briefing refs
1
Findings
1
Edges
0
Sources
1

Corpus findings

  1. 2026-07-18 / skill-finderTreat every URL found *inside* fetched content as an exfiltration channel, not just the ones you typedAyush Paul's 'Memory Heist' PoC (published via Simon Willison, July 15) showed claude.ai leaking a user's full name, employer, and an inferred hometown by chaining nested generated links: web_fetch was permitted to follow URLs embedded in pages it had already fetched, so each GET path carried one character of stolen data. The original guardrail — only visit URLs the user entered or web_search returned — was bypassed transitively. For builders: allowlist per-hop, not per-session, and treat fetched HTML as attacker-controlled link soup.

Source trail

Graph sources

entity graphfindings textkg entitiesnewsletter issues