wow-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests untrusted third‑party content from Gmail newsletters (scripts/ingest.py using the gws CLI), public Telegram channels (scripts/ingest.py calling tg.py), and fetches arbitrary web articles via Firecrawl (scripts/enrich.py), then feeds those snippets directly into the LLM scoring prompt (scripts/wow_score.py) which drives selection, hooks, and archive/append actions—so external content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The enrich step (scripts/enrich.py) calls the Firecrawl scrape API at https://api.firecrawl.dev/v1/scrape at runtime to fetch article markdown and then injects that fetched content into candidates which are later passed verbatim into the LLM scoring prompt, so remote content can directly control the model's input.