newsletter-writer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly sources and reads external content as part of its required workflow — Step 3 calls list_content(content_type: "third_party") to pull external/press items and Step 4 states "If the user provided a URL, fetch the page content to write a description" (and uses get_content_text), so the agent will ingest and act on untrusted public/user-provided web content when drafting the newsletter.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires runtime calls to the Tiger Den MCP (e.g., get_marketing_reference(slug: "no-fly-list") and get_marketing_context(slugs: ["product-marketing-context","brand-voice-guide"])) to fetch required documents that directly constrain agent outputs (the No Fly List and brand/product guidance), so these external fetches control prompts at runtime.