rss-monitor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's fetchFeed implementation in index.js (and the SKILL.md examples such as xkcd.com/atom.xml, blog.github.com/feed/, news.ycombinator.com/rss) explicitly performs HTTP(S) requests to arbitrary public RSS/Atom URLs and parses their untrusted, user-generated feed content which is then consumed by functions like checkForNewItems and trackFeeds and can influence downstream decisions, so it exposes the agent to untrusted third-party content.