ai-content-publisher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's auto-publish flow runs scripts/fetch_hotspots.py and uses the RSS/GitHub sources listed in config/sources.yaml (e.g., TechCrunch, Dev.to, Product Hunt, GitHub Trending) and passes topic URLs into the writer (wechat-tech-writer via --url "$TOPIC_URL"), so it clearly ingests and interprets open public third-party content (RSS feeds, media sites, GitHub/community posts) as part of its workflow, exposing the agent to indirect prompt injection risk.