trend-spotter
Warn
Audited by Snyk on Jul 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). SKILL.md’s required workflow includes the “Tier-1 recipe” that fetches public RSS/Atom feeds (e.g., Google Trends, Hacker News, Reddit, YouTube) at runtime and ingests their readable
title/summarytext into the report tables viarss_monitor.py, which is then placed into the agent’s LLM context—an outsider-authored free-text source (public web content).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata