bilibili-subtitle

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly downloads subtitles from public Bilibili pages via BBDown (bbdown_client.get_video_info / download_audio) and feeds those user-generated transcript segments into LLM agents (agents/proofread_agent.py and agents/summarize_agent.py) as part of its processing pipeline, so untrusted third‑party content can influence model outputs and downstream behavior.