ai-news-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches public RSS/API content from open third‑party sites listed in config/sources.json (e.g., Hacker News, TechCrunch, 机器之心) via scripts/fetch_news.py and then feeds those article titles/summaries into processing and AI prompt flows (see scripts/enhance_content.py and scripts/ai_helper.py which write prompts/request files containing untrusted article text for an AI assistant to read), so external, user‑generated content can directly influence ranking, summarization, and downstream actions.