hackernews

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly fetches and ingests public, user-generated content from the Hacker News API (https://hacker-news.firebaseio.com/v0) — e.g., story, comment, and user text fetched in SKILL.md examples (Get Story/Comment/Job Details, Get Story with Comments, Get User Profile) — which the agent is expected to read and could influence its actions, so untrusted third-party content can indirectly inject instructions.