daily-review
Warn
Audited by Snyk on Feb 19, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required runtime script (scripts/daily-review.sh) directly fetches and parses untrusted, user-generated third-party content: Slack via the Slack API, X.com mentions via the Bird CLI/remote SSH, and Fireflies meeting transcripts via the Fireflies GraphQL API (see the Fireflies query and the Bird/Slack calls in scripts/daily-review.sh). The script uses that content to select and count meetings/messages (e.g., filtering transcripts by speaker_name and printing titles), so external content is interpreted as part of the workflow and could materially affect which items are included or how the agent behaves.