podcast-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and downloads arbitrary podcast RSS feeds and audio (fetch_rss_episodes / download_audio in podcast_pipeline.py), transcribes that third‑party content (transcribe_audio) and directly feeds the resulting transcript into the LLM extraction/generation step (extract_content_atoms / generate_content_pieces), so untrusted external content can materially influence the agent's outputs and scheduling decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The pipeline fetches RSS feeds and episode audio at runtime (e.g., https://feeds.example.com/podcast.xml and the audio_url entries it contains), transcribes that external content via the OpenAI transcription API, and injects the resulting transcript directly into Anthropic prompts—so remote URLs concretely control the agent's prompt input and are required for operation.