blogwatcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly says the tool auto-discovers RSS/Atom feeds, falls back to HTML scraping of blog homepages, and imports OPML (public blogs/feeds), so it fetches and parses untrusted user-generated content from third-party websites as part of its scan workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes installation commands that extract a binary into /usr/local/bin (and thus would require elevated privileges and modify system files), so it directs actions that change the machine's state and may require sudo.