daily-news-report

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Yes — the skill explicitly fetches and renders open public sites listed in sources.json (e.g., Hacker News, Product Hunt, HuggingFace papers, Substack/Latent Space) and ingests their user-generated/public content via WebFetch/browser SubAgents for summarization and decision-making, which can enable indirect prompt injection.