content-digest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests untrusted public content — e.g., YouTube transcripts via yt-dlp, X/Twitter via the fetch-tweet script (api.fxtwitter.com), webpages via claude-in-chrome navigate/get_page_text, and parallel WebSearch results — and those external sources are parsed and used to generate the md output that directly drives quiz generation, web-research-driven expansions, and subsequent agent actions, exposing it to indirect prompt-injection risk.