film-breakdown

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Mode C workflow and README explicitly allow downloading arbitrary video URLs with yt-dlp (SKILL.md / README.md) and then parsing/reading extracted subtitles, transcripts, and keyframes (scripts/extract_subtitles.mjs, transcribe.mjs, extract_scenes.mjs and the "View extracted keyframes with the Read tool" step), which exposes the agent to untrusted, user-provided web content that the agent is expected to interpret and that can materially influence its analysis and actions.