ai-daily-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts/digest.ts explicitly fetches and parses public RSS feeds listed in RSS_FEEDS (e.g., simonwillison.net, substack feeds), writes a JSON file that Claude reads (Step 2), and then uses article titles/descriptions/links directly in buildScoringPrompt and buildSummaryPrompt to score, categorize, and decide which articles to include, so untrusted third‑party content can materially influence agent decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill fetches external RSS feeds at runtime (e.g., https://simonwillison.net/atom/everything/ and the other URLs in the RSS_FEEDS array) and injects the fetched article titles/descriptions into AI prompts for scoring and summarization, so those remote contents directly control the agent's prompt context.