media-ingest

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 explicitly fetches and ingests content from public third‑party sources (e.g., "YouTube/video URL" transcripts, PDFs/images via OCR, and "GitHub repo" cloning) and then reads and acts on that content to create summaries, extract entities, and drive follow-up actions, so untrusted user-generated material can influence tool use and next steps.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly clones and reads GitHub repositories at runtime (GitHub repo URLs, e.g., git@github.com:org/repo.git or https://github.com/org/repo.git), and those fetched README/key files are injected into the agent's summarization/ingestion flow — meaning remote content can directly control model input, so this is a runtime dependency that can influence prompts.