news-summary

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md explicitly fetches and parses open public RSS feeds (e.g., BBC, Reuters, NPR, Al Jazeera) and the PRD also describes using external news search APIs, so the agent ingests and summarizes third‑party web content as part of its workflow (SKILL.md "RSS Feeds" and "Parse RSS" sections), which could allow indirect prompt injection via malicious or crafted feed content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill fetches external RSS feeds at runtime (e.g., https://feeds.bbci.co.uk/news/world/rss.xml and other listed feeds like the Reuters, NPR, and Al Jazeera RSS URLs), and those fetched contents are injected into the agent’s input to drive summarization, meaning the external content directly controls prompts and is a required dependency.