article-list-processor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill watches files dropped into local_inputs/ and its index.ts clearly parses arbitrary title links, fetches and extracts webpage text from those public URLs via fetchArticleContent (node-fetch + Readability), and passes that scraped third‑party content into the LLM generation call (generateContent → callClaude), so untrusted web content can directly influence model outputs.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches arbitrary article URLs at runtime (e.g., https://example.com/article1) and injects the fetched article text directly into the prompt sent to the Claude model via buildArticleLinkPrompt/callClaude, so remote content can directly control model instructions and outputs.