follow-builders
Warn
Audited by Snyk on Apr 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's prepare-digest.js explicitly fetches public feed files from raw.githubusercontent.com (FEED_X_URL and FEED_PODCASTS_URL) that are generated from X/Twitter posts and YouTube transcripts, and the SKILL.md / prepare-digest.js workflow requires the agent/LLM to read and remix those JSON contents (including prompts and transcripts) into output — meaning untrusted, user-generated third‑party content is ingested at runtime and can materially influence the agent's behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). High confidence: the runtime script prepare-digest.js fetches remote prompt and feed content from raw.githubusercontent.com (e.g. https://raw.githubusercontent.com/zarazhangrui/follow-builders/main/prompts/summarize-tweets.md and https://raw.githubusercontent.com/zarazhangrui/follow-builders/main/feed-x.json) and injects those prompt files and feeds into the JSON consumed by the LLM, so external URLs are used at runtime and directly control agent instructions.
Issues (2)
W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).