news-daily

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests content from public third-party sites (e.g., news-fetcher.sh and fetch-real-news.sh using web_search/web_fetch, news-sources.conf/news-sources.json listing TechCrunch, The Verge, 机器之心, 36氪, 虎嗅, plus youtube-fetcher.sh via yt-dlp and wechat-fetcher.sh via WeRSS) and then feeds those external articles/videos into the AI summarization workflow, which exposes the agent to untrusted third‑party content that could carry indirect prompt injection.