blog-to-kindle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's mandatory "Fetch" step clearly downloads and parses open public websites (see scripts/fetch_blog.py which fetches archive_url/article pages and references/manual-workflow.md which uses curl and arbitrary --url for custom sites), ingesting untrusted blog content (titles, body) that is then used to build metadata, cover prompts, filenames/subjects and to drive subsequent actions (compile/send), so third‑party content can materially influence tool behavior.