daily-press-scanner

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's scripts (scripts/extract.py -> download_or_copy_source) fetch arbitrary HTTP/HTTPS PDF URLs supplied via --url/--urls/--source-config, and SKILL.md explicitly requires the AI to read and interpret the produced text/<paper_slug>/page-*.txt files to identify, sort, summarize and decide which articles to expand, so untrusted third‑party PDFs can directly influence agent behavior.