beaver-rss-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public RSS feeds listed in config/config.example.yaml (rssFeeds xmlUrl entries) and SKILL.md states "从 RSS 源抓取文章", and those fetched, untrusted third‑party articles are passed into the LLM prompt templates (prompts.summary, prompts.scoring, prompts.highlights) for scoring and summarization—so external content can directly influence model behavior.