daily-tech-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow (SKILL.md) and scripts/fetch_digest.py explicitly fetch and ingest untrusted, user-generated content from public sources—e.g., Reddit (https://www.reddit.com/r/programming/hot.json), GitHub Trending (https://github.com/trending), V2EX API (https://www.v2ex.com/api/topics/hot.json), linux.do RSS (https://linux.do/hot.rss), Nodeseek API (https://api.bimg.eu.org/daily.json), and ProductHunt API—and the agent is instructed to read and post-process those items (translate and generate interpretations), so third-party content can materially influence its outputs and actions.