download-anything

Warn

Audited by Snyk on Feb 22, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to fetch and parse content from open/public third-party sources, for example Anna's Archive, Z-Library and cloud-drive search engines (references/ebooks.md, references/cloud-search.md), and social media and forums via gallery-dl and yt-dlp (references/tools-reference.md, scripts/dl-gallery.sh, scripts/dl-video.sh). It even has the agent parse yt-dlp/gallery-dl JSON metadata (SKILL.md "Agent Automation Patterns" and tools-reference). The skill uses that untrusted content to choose downloads, formats, mirrors, and follow-up actions, which permits indirect instruction injection.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 22, 2026, 07:59 AM