rss-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill ingests arbitrary public RSS/Atom feeds (see SKILL.md commands like "agent-rss add " and "agent-rss fetch --all > /tmp/...", followed by "read /tmp/..." and summarization workflows), so untrusted third-party feed content is read and used to drive agent decisions, enabling indirect prompt injection.