news-aggregator-skill

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's fetch_news.py tool (e.g., using --source hackernews,weibo,producthunt,... and --deep) explicitly downloads and extracts article text from public, user-generated websites (Hacker News, Weibo, Product Hunt, etc.), and the SKILL.md requires the agent to read and deeply analyze that untrusted third-party content to drive filtering, scoring, and follow-up actions in reports, creating a clear vector for indirect prompt injection.