video-download

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly loads user-supplied public pages on Douyin / Xiaohongshu / Bilibili via Playwright (see SKILL.md usage and the code paths launch_browser_and_capture and launch_browser_and_eval which call page.evaluate and inspect network responses/playinfo), reads untrusted page content and network responses, and then uses those values to select CDN URLs and control download/login flows—so third-party content can materially influence agent actions.