hack-feed

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public third‑party content — e.g., Exa web searches and web_fetch_exa in Phase 1b/Phase 4c, Hacker News via fetch_hn (hn.algolia) in scripts/collect-structured.sh, and GitHub PR/issue bodies/comments via gh API — and then uses those untrusted/user-generated texts for scoring, ToC generation and Explain rendering, so remote content can directly influence selection and subsequent agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill fetches external content at runtime (e.g. https://hn.algolia.com/api/v1/search_by_date and web pages via mcp__exa__web_fetch_exa as well as GitHub PR endpoints like https://api.github.com/repos/.../pulls/...) and then injects those fetched bodies into the Phase 4 "Explain" prompts, so remote content can directly influence the agent's instructions/output.