hn-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill fetches user-generated Hacker News front-page content from the public API (scripts/hn.mjs calls https://hn.algolia.com/api/v1/search?tags=front_page and SKILL.md even falls back to browsing https://news.ycombinator.com/), and those titles are parsed/ranked and fed into mood_prompt.mjs to build image-generation prompts and determine outputs—so untrusted third-party content is directly read and can materially influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The script skills/hn-digest/scripts/generate_mood_nano_banana.sh performs a runtime pip install ("$PY" -m pip install google-genai pillow") which fetches packages from PyPI (e.g. https://pypi.org/project/google-genai/) and those packages are subsequently imported/executed by skills/hn-digest/scripts/nano_banana_mood.py, so remote code is fetched at runtime and executed as a required dependency.