reg-feed-watcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required workflow (Step 1: "Pull") explicitly fetches and ingests public third‑party feeds — e.g., the Federal Register API and direct regulator RSS URLs configured in ~/.claude/.../CLAUDE.md and the references/source-catalog.md (including secondary/aggregator feeds and optional web-search results) — and the agent reads and classifies those items to drive decisions (materiality tiers, run policy-diff, comment-tracker), so untrusted external content could materially influence actions.