NYC

ai-daily-digest

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's fetch script (scripts/digest.ts) concurrently pulls RSS/Atom feeds from 90 public blogs (the RSS_FEEDS list, including Substack and other public sites) and writes them to JSON, and the agent is explicitly instructed to Read($TEMP_JSON) and score, parse and summarize those articles. Untrusted, user-published web content is therefore consumed and interpreted by the agent, which creates an indirect prompt injection risk.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 02:41 AM