finance-news
Warn
Audited by Snyk on Jun 12, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). At runtime, the briefing workflow fetches outsider-authored RSS/web content (e.g., Yahoo/Reuters/FT/Bloomberg/etc.) via
scripts/fetch_news.py→fetch_rss()and then passes the resulting articletitle/descriptionstrings into the LLM summarization context inscripts/briefing.py/scripts/summarize.py(LLM prompt includes fetched headlines/snippets).
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata