meeting-minutes

Warn

Audited by Snyk on Mar 19, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly supports downloading an arbitrary user-provided URL in Step 0 ("User provided a URL — Download the file using curl -sL <url> -o meetings/tmp/transcript.vtt"), and downstream subagents (Steps 2–4) read and act on that transcript file as part of the required workflow, so untrusted third-party content from arbitrary URLs can directly influence extraction, structuring, and tool actions.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 19, 2026, 06:28 PM
Issues: 1