hn-top10

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's script (scripts/hn_top10.py) directly fetches and parses the public Hacker News front page (HN_URL = "https://news.ycombinator.com/") and SKILL.md requires the agent to use the fetched JSON/front-page stories as a source of truth and to summarize/top-n items, meaning untrusted, user-generated content is ingested and can influence downstream decisions.