newsapi-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's runtime scripts (scripts/search.js and scripts/sources.js) call NewsAPI endpoints (https://newsapi.org/v2/everything and /top-headlines) to fetch and return article fields including "content", "description", and "url" from public news sources, which are untrusted third‑party content the agent is expected to read and that can materially influence subsequent actions.