dak

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md / dak-cli.md / daily-summary.md) requires using the dak CLI to fetch/search public feed entries (feeds/entries with entry.content and entry.url) drawn from external sources (e.g., Bloomberg, Reuters, 微博/知乎/Hacker News) and instructs the agent to read and use that untrusted third-party content to drive deduplication, prioritization and summary-generation decisions, which could allow indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill relies on the dak server API (configured as https://dak-news.com) at runtime via the dak CLI/SDK to fetch feed entries' full Markdown content, which is then injected into the agent's context to drive summarization and prompts, so the external URL directly controls prompts and is a required dependency.