daily-news

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly traverses /methods and runs method files that fetch content from arbitrary public sources (e.g., RSS via references/methods/rss.py and method YAMLs with source_url like references/examples/method-with-metadata.example.yaml, plus webfetch/browser detail_methods and the Twitter login guide in references/website-template/LOGIN_GUIDE.md), and that external, user-generated/untrusted content is ingested and used to generate summaries, relevance scores and drive report generation — allowing third‑party page content to materially influence agent decisions.