rss-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and reads content from public RSS feeds and web URLs (e.g., "feed get entries", "feed get entry ", and "Prefer fetching the URL directly (e.g. WebFetch)"), and even imports a public OPML from GitHub, so the agent will consume untrusted, third-party user-generated or public web content as part of its workflow.