github-profile-architect

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly requires a custom Python "RSS Blog Fetcher" that fetches and parses a user's public RSS feed (index.xml) and injects the top links into the README, which means the agent will ingest untrusted, third-party user-generated content at runtime and use it to drive automated output changes.