feedgrab-batch

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs runtime fetching and ingestion of public, user-generated content from open web platforms (e.g., "feedgrab https://x.com/username", "feedgrab xhs-so ...", "feedgrab mpweixin-so ...", "feedgrab zhihu-so ..."), meaning the agent will read and act on untrusted third‑party pages/posts as part of its workflow, allowing indirect prompt injection via that content.