overseerr

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). Yes — SKILL.md and the workflows (Search/Present results, "Present results with TMDB/TVDB links", requests.mjs/requests-enriched, and the Quick Reference) require the agent to query the Overseerr API which returns public TMDB/TVDB data and user-generated request/comments from the (third‑party/public) sources and then use those results to decide and perform actions (search → confirm → POST /request, approve/delete requests), so untrusted third‑party content can materially influence tool use.