google-trends

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches public Google Trends data (via TREND_URL = "https://trends.google.com/trending/rss?geo={geo}" in scripts/trends.py and the browser CSV download implemented in scripts/trends_us_list.py using Playwright), parses those public/user-originated keywords, and directly uses them in scripts/trends.py's scan/score/prioritization workflow to decide notifications and actions, so untrusted third‑party content can materially influence agent behavior.