technews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly scrapes TechMeme's public RSS feed (scripts/techmeme_scraper.py -> https://www.techmeme.com/feed.xml), fetches and parses the linked article pages (scripts/article_fetcher.py) and social reactions (scripts/social_reactions.py using nitter/HN APIs) as required steps in technews.py, so untrusted third-party content is ingested and directly drives summaries and subsequent outputs, creating a clear vector for indirect prompt injection.