newsapi-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's scripts (scripts/search.js and scripts/sources.js) call the public NewsAPI (https://newsapi.org) to fetch article JSON (including title, description, content, and url) and the README/examples (SKILL.md and references/examples.md) show workflows that parse, extract URLs, and act on those results — i.e., the agent ingests untrusted third‑party news content that can influence follow-up actions.