bx-rss

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). This skill explicitly reads and parses arbitrary public RSS/Atom feeds (see the rss() BIF examples and the aggregateFeeds function that loops over feedUrls calling bx:feed action="read" source=url), meaning it ingests untrusted third-party/user-generated content that can materially influence aggregation and subsequent feed creation or actions.