doc-daily-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Step 2 explicitly fetches and scrapes untrusted public content — e.g., X/Twitter via res-x, arbitrary web pages via WebFetch and scrapling fallback, and GitHub repos — and the agent reads and uses those results to generate note content, names, and edits to the vault, so third-party instructions could materially influence its actions.