newscatcher

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs the agent to connect to the NewsCatcher connector via Membrane and run actions like "Search", "Get Article Text", and "Summarize Article", which fetch and read news articles from public third‑party websites (open web content) as part of the workflow, exposing the agent to untrusted external content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill requires fetching and running the Membrane CLI at runtime via commands like "npm install -g @membranehq/cli@latest" or "npx @membranehq/cli@latest", which downloads and executes remote code from the npm registry and is a required runtime dependency that can control actions/prompts.