ai-daily-digest
Warn
Audited by Snyk on Feb 16, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's fetch script (scripts/digest.ts) concurrently pulls RSS/Atom feeds from 90 public blogs (the RSS_FEEDS list, including Substack and other public sites) and writes them to JSON, and the Agent is explicitly instructed to Read($TEMP_JSON) and score/parse/summarize those articles. Untrusted, user-published web content is therefore consumed and interpreted by the agent, which exposes it to indirect prompt injection.