ears

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes podsnap (README and audiosnap/podsnap.py) which downloads and transcribes arbitrary public URLs (YouTube, Bilibili, podcast sites, RSS feeds, direct web audio via yt-dlp/urllib), so the agent will fetch and interpret untrusted, user-generated third‑party content as part of its workflow, enabling indirect prompt injection.