technology-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill fetches and parses open/public third‑party content (e.g., RSS/API feeds listed in references/sources.json such as TechCrunch, Reddit .rss, Hacker News via hn_parser.js and rss_parser.js) and scripts/search_news.js uses that content to compute heat scores, rank results, and drive fallback web-search behavior—so untrusted user-generated web content is ingested and can materially influence tool decisions.