rss-reader

Warn

Audited by Snyk on Mar 24, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's fetch-rss.mjs explicitly fetches and parses arbitrary RSS/Atom feed URLs from the open web (parser.parseURL(feedUrl) in scripts/fetch-rss.mjs) and its SKILL.md instructs using browser.navigate(url) to visit article pages, so the agent will ingest and act on untrusted third-party content (feeds and article pages) as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill calls parser.parseURL(feedUrl) at runtime to fetch a user-supplied feed URL (the feedUrl, e.g. https://.../feed), and the fetched RSS/Atom content is injected verbatim into the script output that will be consumed by the agent/LLM, so remote content can directly control prompts.

Issues (2)

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 24, 2026, 11:19 AM
Issues: 2
Security Audit — snyk — rss-reader