gate-news-briefing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Execution Workflow (SKILL.md Step 2 and the scenarios) explicitly calls third-party content tools—news_feed_search_news, news_events_get_latest_events, and news_feed_get_social_sentiment—to ingest public news articles and social-media sentiment (including URLs and KOL opinions) that the LLM must read and aggregate, exposing the agent to untrusted, user-generated web content.