rss-automation

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly uses feedparser.parse to fetch and process public RSS/Atom feeds (see "Parse a Feed" and "Feed Sources Examples" listing Hacker News, TechCrunch, ArXiv), and those untrusted third‑party feed entries are read, filtered, and used to drive notifications/actions, so they could inject instructions that influence the agent's behavior.