data-feeds

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's SKILL.md plus scripts/datasets.sh and scripts/fetch.sh explicitly send arbitrary public URLs to Bright Data's Web Data API and return parsed JSON from open/public sites (e.g., LinkedIn, Instagram, Reddit, YouTube comments, Amazon reviews), so the agent ingests untrusted, user-generated third-party content as part of its workflow which could materially influence subsequent actions.