audio-extractor

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly runs yt-dlp on arbitrary public URLs (YouTube, SoundCloud, Bandcamp, podcasts/RSS, etc.) as shown in SKILL.md and scripts/extract_audio.py, ingesting untrusted page/metadata (titles, descriptions, playlist fields) into processing and output templates (filenames, metadata embedding), so third‑party content is fetched and can materially influence tool behavior.