freshrss
Warn
Audited by Snyk on Mar 1, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill fetches and displays headlines/articles from a user's self-hosted FreshRSS instance via the Google Reader-compatible API, which ingests arbitrary public RSS feeds/web pages (untrusted third-party content) that the agent reads and uses as part of its workflow, creating a clear path for indirect prompt injection.
Audit Metadata