news-briefing

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow (news_feed and social_trending calls) together with references/feed-routing.md explicitly fetch public news sites and social platforms (e.g., cointelegraph, coindesk, reddit, weibo, douyin, bilibili, github), so the agent ingests untrusted third‑party/user‑generated content that can directly influence its briefing and actions.