daily-news-caster

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (Step 2) instructs running news-aggregator-skill's fetch_news.py to fetch real-time news from open/public sources (e.g., hackernews, github, all), and Step 3 requires the agent to read and rewrite that fetched, user-generated third‑party content into the podcast script, which can materially influence subsequent TTS generation and actions—creating a clear vector for indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs npx to install and then execute scripts from external GitHub repos—https://github.com/cclank/news-aggregator-skill and https://github.com/noizai/skills—which fetches remote code (e.g., fetch_news.py and tts.sh) that is executed at runtime and controls prompt/script generation, so these repos are required runtime dependencies that directly affect agent behavior.