apple-music

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses open Apple Music catalog pages and user-provided Apple Music URLs (via the "MusicKit API" and "UI Automation" sections in SKILL.md and README), and the agent reads those search/results page elements (Top Results, element descriptions) to decide which UI elements to hover/click, add to library, or add to playlists—so untrusted/public (including user-generated) catalog and playlist content directly influences tool actions.