aeon-rss-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly describes fetching and parsing arbitrary RSS/Atom/JSON feeds (e.g., "Reads N feeds", feed URLs) and extracting one-sentence summaries from post bodies, which are untrusted public third‑party content that the agent ingests and uses in its workflow.