social-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches Discord channel messages and Mastodon statuses (user-generated/untrusted) as shown in SKILL.md and scripts/social-digest.ts, and the README and scripts state the agent performs summarization and link-reading via web_fetch, meaning untrusted third-party content is read and can materially influence the agent's outputs.